201 matches found
CVE-2024-39902 Tuleap's recursive permissions to document manager folder are not properly applied
Tuleap is an open source suite to improve management of software developments and collaboration. Prior to Tuleap Community Edition 15.10.99.128 and Tuleap Enterprise Edition 15.10-6 and 15.9-8, the checkbox "Apply same permissions to all sub-items of this folder" in the document manager permissio...
CVE-2024-39902
Tuleap’s CVE-2024-39902 affects the document manager permission modal: the checkbox 'Apply same permissions to all sub-items of this folder' is not applied to sub-items, allowing some users to edit or manage items despite restricted permissions. The issue only affects changes via the web UI; REST...
CVE-2024-37224
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in smartypants SP Project & Document Manager. This issue affects SP Project & Document Manager: from n/a through 4.71...
CVE-2024-37224
CVE-2024-37224 is a path traversal vulnerability in WordPress plugin SP Project & Document Manager (SP Client Document Manager) affecting versions up to 4.71. The issue arises from an improper limitation of a pathname to a restricted directory, enabling access to files outside allowed directorie...
WordPress plugin SP Project & Document Manager path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...
PT-2024-27393 · Unknown · Sp Project & Document Manager
Name of the Vulnerable Software and Affected Versions: SP Project & Document Manager versions n/a through 4.71. Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal'. This allows for Path Traversal attacks...
WordPress SP Project & Document Manager plugin <= 4.71 - Directory Traversal vulnerability
Directory Traversal vulnerability discovered by CatFather (Patchstack Alliance) in WordPress Plugin SP Project & Document Manager versions <= 4.71...
WordPress SP Project & Document Manager Plugin <= 4.71 is vulnerable to Directory Traversal
Software: SP Project & Document Manager; Type: Plugin; Vulnerable versions: <= 4.71; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Directory Traversal; CVE: CVE-2024-37224; Patch priority: High; CVSS severity: High 7.5; Developer: Claim ownership; PSID: 45309fbf1e76; Credits: CatFather; Required...
CVE-2024-3749
The SP Project & Document Manager WordPress plugin through 4.71 lacks proper access controllers and allows a logged in user to view and download files belonging to another user...
CVE-2024-3748
The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the userid to make it appear that a file was uploaded by another user...
CVE-2024-3748 SP Project & Document Manager <= 4.71 - Data Update via IDOR
The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the userid to make it appear that a file was uploaded by another user...
CVE-2024-3749 SP Project & Document Manager <= 4.71 - Subscriber+ File Download via IDOR
The SP Project & Document Manager WordPress plugin through 4.71 lacks proper access controllers and allows a logged in user to view and download files belonging to another user...
CVE-2024-3748
CVE-2024-3748 affects the SP Project & Document Manager WordPress plugin (versions ≤ 4.71). The issue is an IDOR in the upload function where an attacker can manipulate the user_id to make a file appear uploaded by another user, enabling potential unauthorized access or attribution. Connected sou...
WordPress SP Project & Document Manager Plugin <= 4.70 is vulnerable to Directory Traversal
Software: SP Project & Document Manager; Type: Plugin; Vulnerable versions: <= 4.70; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Directory Traversal; CVE: CVE-2024-1693; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: f84eca5d6c78; Credits: fewwords huang; Requir...
WordPress SP Project & Document Manager Plugin <= 4.71 is vulnerable to Insecure Direct Object References (IDOR)
Software: SP Project & Document Manager; Type: Plugin; Vulnerable versions: <= 4.71; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-3748; Patch priority: Low; CVSS severity: Low 6.3; Developer: Claim ownership; PSID: 1c7d92437a35; Credits...