6 matches found
CVE-2021-4364
The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearchaddjobimportschedulecall function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to add and/or modify schedule calls...
CVE-2023-45152
Engelsystem is a shift planning system for chaos events. A Blind SSRF in the "Import schedule" functionality makes it possible to perform a port scan against the local environment. This vulnerability has been fixed in commit ee7d30b33. If a patch cannot be deployed, operators should ensure that n...
Server-side request forgery (SSRF)
Engelsystem is a shift planning system for chaos events. A Blind SSRF in the "Import schedule" functionality makes it possible to perform a port scan against the local environment. This vulnerability has been fixed in commit ee7d30b33. If a patch cannot be deployed, operators should ensure that n...
CVE-2023-45152
CVE-2023-45152 applies to Engelsystem, a shift planning system. Description: a Blind SSRF in the Import schedule feature allows a local port scan against the host environment. Root cause is a server-side request forgery in the import workflow. The advisory notes the issue has been fixed in commit...
CVE-2023-45152 Blind Server Side Request Forgery (SSRF) in remote schedule import feature in Engelsystem
Engelsystem is a shift planning system for chaos events. A Blind SSRF in the "Import schedule" functionality makes it possible to perform a port scan against the local environment. This vulnerability has been fixed in commit ee7d30b33. If a patch cannot be deployed, operators should ensure that n...
Engelsystem Code Issue Vulnerability
Engelsystem is an open source shift scheduling system. Engelsystem has a code issue vulnerability that stems from a server-side request forgery (SSRF) vulnerability in the Import schedule feature...