
12 matches found

RedhatCVE
added 2026/04/03 11:2 p.m., 1 view

CVE-2026-34832

Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.66.1, Scoold contains an authenticated authorization flaw in feedback deletion that allows any logged-in, low-privilege user to delete another user's feedback post by submitting its ID to POST /feedback/id/delete. The...

6.5 CVSS, 5.9 AI score, 0.00139 EPSS
Exploits: 1, References: 1

NVD
added 2026/04/02 8:16 p.m., 0 views

CVE-2026-34832

Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.66.1, Scoold contains an authenticated authorization flaw in feedback deletion that allows any logged-in, low-privilege user to delete another user's feedback post by submitting its ID to POST /feedback/id/delete. The...

6.5 CVSS, 0.00139 EPSS
Exploits: 1, References: 3

ATTACKERKB
added 2026/04/02 7:8 p.m., 4 views

CVE-2026-34832

Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.66.1, Scoold contains an authenticated authorization flaw in feedback deletion that allows any logged-in, low-privilege user to delete another user's feedback post by submitting its ID to POST /feedback/id/delete. The...

6.5 CVSS, 5.8 AI score, 0.00139 EPSS
Exploits: 1, References: 4, Affected Software: 1

Cvelist
added 2026/04/02 7:8 p.m., 12 views

CVE-2026-34832 Scoold: Cross-Account Feedback Deletion (IDOR)

Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.66.1, Scoold contains an authenticated authorization flaw in feedback deletion that allows any logged-in, low-privilege user to delete another user's feedback post by submitting its ID to POST /feedback/id/delete. The...

6.5 CVSS, 0.00139 EPSS
Exploits: 1, References: 3

EUVD
added 2026/04/02 7:8 p.m., 3 views

EUVD-2026-18529

Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.66.1, Scoold contains an authenticated authorization flaw in feedback deletion that allows any logged-in, low-privilege user to delete another user's feedback post by submitting its ID to POST /feedback/id/delete. The...

6.5 CVSS, 5.8 AI score, 0.00139 EPSS
Exploits: 1, References: 3

CVE
added 2026/04/02 7:8 p.m., 3 views

CVE-2026-34832

CVE-2026-34832 affects Scoold prior to version 1.66.1. An authenticated low-privilege user can delete another user’s feedback by sending the ID to POST /feedback/{id}/delete, bypassing ownership/moderator/admin checks. The flaw enables cross-account deletion of feedback items (IDOR) despite authe...

6.5 CVSS, 5.8 AI score, 0.00139 EPSS
Exploits: 1, References: 3, Affected Software: 1

Vulnrichment
added 2026/04/02 7:8 p.m., 5 views

CVE-2026-34832 Scoold: Cross-Account Feedback Deletion (IDOR)

Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.66.1, Scoold contains an authenticated authorization flaw in feedback deletion that allows any logged-in, low-privilege user to delete another user's feedback post by submitting its ID to POST /feedback/id/delete. The...

6.5 CVSS, 5.9 AI score, 0.00139 EPSS
Exploits: 1, References: 3

CNNVD
added 2026/04/02 12:0 a.m., 1 view

Scoold Security Vulnerability

Scoold is a team-based Q&A and knowledge-sharing platform developed by Erudika. Versions of Scoold prior to 1.66.1 contained security vulnerabilities. These vulnerabilities stemmed from an authorization flaw in the feedback deletion function after authentication, which could allow users with low...

6.5 CVSS, 5.8 AI score, 0.00139 EPSS
Exploits: 1, References: 3

Positive Technologies
added 2026/04/02 12:0 a.m., 2 views

PT-2026-29878

Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.66.1, Scoold contains an authenticated authorization flaw in feedback deletion that allows any logged-in, low-privilege user to delete another user's feedback post by submitting its ID to POST /feedback/id/delete. The...

6.5 CVSS, 5.8 AI score, 0.00139 EPSS
Exploits: 1, References: 5

OSV
added 2025/08/10 11:48 p.m., 2 views

BIT-MOODLE-2025-26526 Feedback response viewing and deletions did not respect Separate Groups mode

Separate Groups mode restrictions were not factored into permission checks before allowing viewing or deletion of responses in Feedback activities...

6.5 CVSS, 7.1 AI score, 0.00381 EPSS
Exploits: 0, References: 3

CNVD
added 2017/12/19 12:0 a.m., 1 view

Techno - Portfolio Management Panel Access Control Vulnerability

Techno - Portfolio Management Panel is a set of portfolio management panel scripts. An access control vulnerability exists in Techno - Portfolio Management Panel on 2017-11-16 and prior versions, which stems from the program failing to detect if a panel/portfolio.php?action=delete request is...

4.3 CVSS, 6.8 AI score, 0.00146 EPSS
Exploits: 1, References: 1

Prion
added 2017/12/15 9:29 a.m., 7 views

Authorization

Techno - Portfolio Management Panel through 2017-11-16 does not check authorization for panel/portfolio.php?action=delete requests that remove feedback...

4 CVSS, 4.8 AI score, 0.00146 EPSS
Exploits: 1, References: 1, Affected Software: 1