143 matches found

NVD
added 2025/02/14 5:15 p.m. · 21 views

CVE-2025-25206

eLabFTW is an open source electronic lab notebook for research labs. Prior to version 5.1.15, an incorrect input validation could allow an authenticated user to read sensitive information, including login token or other content stored in the database. This could lead to privilege escalation if...

CVSS 8.8 · EPSS 0.00448
Exploits 0 · References 2
Vulnrichment
added 2025/02/14 4:47 p.m. · 13 views

CVE-2025-25206 Incorrect input validation could allow an authenticated user to read sensitive information

eLabFTW is an open source electronic lab notebook for research labs. Prior to version 5.1.15, an incorrect input validation could allow an authenticated user to read sensitive information, including login token or other content stored in the database. This could lead to privilege escalation if...

CVSS 8.3 · AI score 6.6 · EPSS 0.00448
Exploits 0 · References 2
CVE
added 2025/02/14 4:47 p.m. · 80 views

CVE-2025-25206

CVE-2025-25206 affects eLabFTW prior to version 5.1.15. The issue is caused by incorrect input validation that could allow an authenticated user to read sensitive information (e.g., login tokens or other data in the database). This could lead to privilege escalation if cookies are enabled (defaul...

CVSS 8.8 · AI score 6.6 · EPSS 0.00448
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2025/02/14 4:47 p.m. · 14 views

CVE-2025-25206 Incorrect input validation could allow an authenticated user to read sensitive information

eLabFTW is an open source electronic lab notebook for research labs. Prior to version 5.1.15, an incorrect input validation could allow an authenticated user to read sensitive information, including login token or other content stored in the database. This could lead to privilege escalation if...

CVSS 8.3 · EPSS 0.00448
Exploits 0 · References 2
OSV
added 2025/02/14 4:47 p.m. · 3 views

CVE-2025-25206 Incorrect input validation could allow an authenticated user to read sensitive information

eLabFTW is an open source electronic lab notebook for research labs. Prior to version 5.1.15, an incorrect input validation could allow an authenticated user to read sensitive information, including login token or other content stored in the database. This could lead to privilege escalation if...

CVSS 8.3 · AI score 6.6 · EPSS 0.00448
Exploits 0 · References 4
Positive Technologies
added 2025/02/14 12:0 a.m. · 3 views

PT-2025-7060 · Elabftw · Elabftw

Name of the Vulnerable Software and Affected Versions: eLabFTW versions prior to 5.1.15
Description: eLabFTW is an open source electronic lab notebook for research labs. Prior to version 5.1.15, an incorrect input validation could allow an authenticated user to read sensitive information, includi...

CVSS 8.8 · AI score 6.2 · EPSS 0.00448
Exploits 0 · References 10
RedhatCVE
added 2025/02/05 1:2 p.m. · 12 views

CVE-2024-25632

eLabFTW is an open source electronic lab notebook for research labs. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A user may be an administrator in one team and a regular user in another. The...

CVSS 8.8 · AI score 7 · EPSS 0.00385
Exploits 0 · References 1
RedhatCVE
added 2025/02/05 3:38 a.m. · 4 views

CVE-2024-45408

eLabFTW is an open source electronic lab notebook for research labs. An incorrect permission check has been found that could allow an authenticated user to access several kinds of otherwise restricted information. If anonymous access is allowed, something disabled by default, this extends to anyon...

CVSS 7.5 · AI score 6.7 · EPSS 0.00387
Exploits 0 · References 1
RedhatCVE
added 2025/02/05 1:6 a.m. · 6 views

CVE-2024-28100

eLabFTW is an open source electronic lab notebook for research labs. By uploading specially crafted files, a regular user can create a circumstance where a visitor's browser runs arbitrary JavaScript code in the context of the eLabFTW application. This can be triggered by the visitor viewing a li...

CVSS 8.9 · AI score 7 · EPSS 0.00315
Exploits 0 · References 1
NVD
added 2024/12/09 7:15 p.m. · 12 views

CVE-2024-52586

eLabFTW is an open source electronic lab notebook for research labs. A vulnerability has been found starting in version 4.6.0 and prior to version 5.1.0 that allows an attacker to bypass eLabFTW's built-in multifactor authentication mechanism. An attacker who can authenticate locally by knowing o...

CVSS 7.8 · EPSS 0.00209
Exploits 0 · References 1
Vulnrichment
added 2024/12/09 6:38 p.m. · 7 views

CVE-2024-52586 eLabFTW MFA bypass

eLabFTW is an open source electronic lab notebook for research labs. A vulnerability has been found starting in version 4.6.0 and prior to version 5.1.0 that allows an attacker to bypass eLabFTW's built-in multifactor authentication mechanism. An attacker who can authenticate locally by knowing o...

CVSS 5.4 · AI score 7.5 · EPSS 0.00209
Exploits 0 · References 1
CVE
added 2024/12/09 6:38 p.m. · 65 views

CVE-2024-52586

CVE-2024-52586 affects eLabFTW versions 4.6.0 to 5.1.0, where an attacker capable of local authentication can bypass the built‑in MFA and log in regardless of MFA requirements. The issue is documented across multiple sources (Red Hat, CVE list, PT-Security, OSV, NVD, CNVD) with the fixed version ...

CVSS 7.8 · AI score 5.8 · EPSS 0.00209
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2024/12/09 6:38 p.m. · 22 views

CVE-2024-52586 eLabFTW MFA bypass

eLabFTW is an open source electronic lab notebook for research labs. A vulnerability has been found starting in version 4.6.0 and prior to version 5.1.0 that allows an attacker to bypass eLabFTW's built-in multifactor authentication mechanism. An attacker who can authenticate locally by knowing o...

CVSS 5.4 · EPSS 0.00209
Exploits 0 · References 1
OSV
added 2024/12/09 6:38 p.m. · 3 views

CVE-2024-52586 eLabFTW MFA bypass

eLabFTW is an open source electronic lab notebook for research labs. A vulnerability has been found starting in version 4.6.0 and prior to version 5.1.0 that allows an attacker to bypass eLabFTW's built-in multifactor authentication mechanism. An attacker who can authenticate locally by knowing o...

CVSS 5.4 · AI score 7.1 · EPSS 0.00209
Exploits 0 · References 3
Positive Technologies
added 2024/12/09 12:0 a.m. · 3 views

PT-2024-35383 · Elabftw · Elabftw

Name of the Vulnerable Software and Affected Versions: eLabFTW versions 4.6.0 through 5.1.0
Description: A vulnerability has been found in eLabFTW that allows an attacker to bypass the built-in multifactor authentication mechanism. This can be exploited by an attacker who can authenticate locally...

CVSS 7.8 · AI score 7.3 · EPSS 0.00209
Exploits 0 · References 7
CNNVD
added 2024/12/09 12:0 a.m. · 2 views

eLabFTW security vulnerability

eLabFTW is an open source experimental data hosting platform from eLabFTW Open Source. The platform runs on Linux and supports storing a wide range of objects. A security vulnerability exists in eLabFTW versions prior to 4.6.0 through 5.1.0, which stems from a vulnerability that allows an attacke...

CVSS 7.8 · AI score 6.6 · EPSS 0.00209
Exploits 0 · References 1
NVD
added 2024/10/14 6:15 p.m. · 15 views

CVE-2024-47826

eLabFTW is an open source electronic lab notebook for research labs. A vulnerability in versions prior to 5.1.5 allows an attacker to inject arbitrary HTML tags in the pages: "experiments.php" show mode, "database.php" show mode or "search.php". It works by providing HTML code in the extended...

CVSS 6.1 · EPSS 0.00271
Exploits 0 · References 2
CVE
added 2024/10/14 5:59 p.m. · 50 views

CVE-2024-47826

CVE-2024-47826 concerns eLabFTW versions prior to 5.1.5. The issue is an HTML injection in pages that show error messages (experiments.php, database.php, search.php) triggered by including HTML in the extended search string. Injected HTML appears inside a red alert box in the error message; execu...

CVSS 6.1 · AI score 4.9 · EPSS 0.00271
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2024/10/14 5:59 p.m. · 17 views

CVE-2024-47826 eLabFTW vulnerable to HTML Injection in extended search error message

eLabFTW is an open source electronic lab notebook for research labs. A vulnerability in versions prior to 5.1.5 allows an attacker to inject arbitrary HTML tags in the pages: "experiments.php" show mode, "database.php" show mode or "search.php". It works by providing HTML code in the extended...

CVSS 3.5 · AI score 7.2 · EPSS 0.00271
Exploits 0 · References 2
Cvelist
added 2024/10/14 5:59 p.m. · 31 views

CVE-2024-47826 eLabFTW vulnerable to HTML Injection in extended search error message

eLabFTW is an open source electronic lab notebook for research labs. A vulnerability in versions prior to 5.1.5 allows an attacker to inject arbitrary HTML tags in the pages: "experiments.php" show mode, "database.php" show mode or "search.php". It works by providing HTML code in the extended...

CVSS 3.5 · EPSS 0.00271
Exploits 0 · References 2