2 matches found
CVE-2025-0744 Improper Access Control vulnerability in EmbedAI
an Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker change his subscription plan without paying by making a POST request changing the parameters of the "/demos/embedai/pmtcashondelivery/pay" endpoint...
CVE-2025-0744
EmbedAI, version 2.1 and earlier, is exposed to an Improper Access Control vulnerability. An authenticated attacker can change their subscription plan without paying by issuing a POST to the payment endpoint (/demos/embedai/pmt_cash_on_delivery/pay or with spacing as described in sources). Root c...