7 matches found
GHSA-XQV4-XM7H-52CV Admidio's Missing Authorization on Inventory Module Destructive Endpoints Allows Any Authenticated User to Delete Items
Summary The Admidio inventory module enforces authorization for destructive operations delete, retire, reinstate only in the UI layer by conditionally rendering buttons. The backend POST handlers at modules/inventory.php for itemdelete, itemretire, itemreinstate, itempictureupload, itempicturesav...
EUVD-2022-52304
Malicious code in bioql PyPI...
Authorization
GLPI is a Free Asset and IT Management Software package. Versions 10.0.0 and above, prior to 10.0.6 are vulnerable to Incorrect Authorization. This vulnerability allow unauthorized access to inventory files. Thus, if anonymous access to FAQ is allowed, inventory files are accessbile by...
UBUNTU-CVE-2023-22500
GLPI is a Free Asset and IT Management Software package. Versions 10.0.0 and above, prior to 10.0.6 are vulnerable to Incorrect Authorization. This vulnerability allow unauthorized access to inventory files. Thus, if anonymous access to FAQ is allowed, inventory files are accessbile by...
Merchandise Online Store SQL注入漏洞
Merchandise Online Store is a merchandise online store system. A security vulnerability exists in Merchandise Online Store, which can be exploited by attackers via /vloggersmerch/classes/Master.php?f=deleteinventory to conduct SQL injection attack...
CVE-2022-30384
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggersmerch/classes/Master.php?f=deleteinventory...
Merchandise Online Store SQL注入漏洞
Merchandise Online Store is a merchandise online store system. A security vulnerability exists in Merchandise Online Store, which can be exploited by attackers via /vloggersmerch/classes/Master.php?f=deleteinventory to conduct SQL injection attack...