2 matches found
GHSA-W388-2392-PX73 praisonai-platform: Missing authorization on member removal enables full workspace takeover by any user regardless of role
Summary Type: Authorization bypass enabling owner lockout. The DELETE /workspaces/workspaceid/members/userid endpoint is gated only by requireworkspacememberworkspaceid default minrole="member". Any member can remove any other member, including the workspace owner, using a single DELETE. There is...
itsourcecode Gym Management System 注入漏洞
itsourcecode Gym Management System is an open source gym management system by itsourcecode. An injection vulnerability exists in itsourcecode Gym Management System version 1.0, which originates from an SQL injection caused by a parameter ID operation in the file /ajax.php?action=deletemember...