4 matches found
CVE-2026-52782 OpenProject: IDOR through /projects/<A>/settings/project_storages/<A_ps_id> via PATCH parameter "storages_project_storage[project_folder_id]" leads to Access to Unauthorized Resources
OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is an IDOR through /projects/<A>/settings/project_storages/<A_ps_id> via the PATCH parameter "storages_project_storage[project_folder_id]" that leads to access to unauthorized resources. A project-admin in one project can...
Yonyou KSOA SQL injection vulnerability
Yonyou KSOA is an enterprise-level management software developed by Yonyou Corporation in China. Version 9.0 of Yonyou KSOA contains a SQL injection vulnerability, which stems from incorrect handling of the folderid parameter in the file/kmf/savefolder.jsp. This vulnerability may lead to SQL...
CVE-2021-24919
The Wicked Folders WordPress plugin before 2.8.10 does not sanitise and escape the folder_id parameter before using it in a SQL statement in the wicked_folders_save_sort_order AJAX action, available to any authenticated user, leading to an SQL injection...
Netkom Internet Solutions (folder_id) Remote SQL Injection Vulnerability
Title : Netkom Internet Solutions folder_id Remote SQL Injection Vulnerability Author : By Cr@zyKing Greetz : Str0ke,CrackersChild,TheBekir,Eno7,Sabotaqe,Jani zary,GencTurk and Ayyildiz Team Users Dork : Powered by Netkom Internet Solutions | http://www.netkombelize.com...