6 matches found
CVE-2021-4364
The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearchaddjobimportschedulecall function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to add and/or modify schedule calls...
CVE-2023-45152
Engelsystem is a shift planning system for chaos events. A Blind SSRF in the "Import schedule" functionality makes it possible to perform a port scan against the local environment. This vulnerability has been fixed in commit ee7d30b33. If a patch cannot be deployed, operators should ensure that n...
Server-side request forgery (SSRF)
Engelsystem is a shift planning system for chaos events. A Blind SSRF in the "Import schedule" functionality makes it possible to perform a port scan against the local environment. This vulnerability has been fixed in commit ee7d30b33. If a patch cannot be deployed, operators should ensure that n...
CVE-2023-45152 Blind Server Side Request Forgery (SSRF) in remote schedule import feature in Engelsystem
Engelsystem is a shift planning system for chaos events. A Blind SSRF in the "Import schedule" functionality makes it possible to perform a port scan against the local environment. This vulnerability has been fixed in commit ee7d30b33. If a patch cannot be deployed, operators should ensure that n...
CVE-2023-45152
CVE-2023-45152 applies to Engelsystem, a shift planning system. Description: a Blind SSRF in the Import schedule feature allows a local port scan against the host environment. Root cause is a server-side request forgery in the import workflow. The advisory notes the issue has been fixed in commit...
Engelsystem Code Issue Vulnerability
Engelsystem is an open source shift scheduling system from Engelsystem. Engelsystem has a code issue vulnerability that stems from a server-side request forgery (SSRF) vulnerability in the Import schedule feature...