2 matches found
CVE-2023-27485
thmmniii/fbs-core is an open source feedback system for students. In versions prior to 1.5.3 when querying subresults, it is possible to query subresults from other users due to insufficient authorisation. This is only possible for logged-in users and it is not possible to associate the subresult...
WordPress Simple Download Monitor Plugin <= 3.2.8 - Insufficient Authorisation
Because of this vulnerability, any user can access the "sdmtinygetpostids" action which will return a JSON encoded list of all "postid"and "posttitle" that were uploaded with this plugin. Solution Upgrade the plugin...