2 matches found
CVE-2026-35023 Wimi Teamwork On-Premises < 8.2.0 IDOR via preview.php
Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.php endpoint where the itemid parameter lacks proper authorization checks. Attackers can enumerate sequential itemid values to access and retrieve image previews from other...
PT-2026-31307
Name of the Vulnerable Software and Affected Versions Wimi Teamwork On-Premises versions prior to 8.2.0 Description Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference issue in the /preview.php endpoint. The item id parameter does not have sufficient...