12 matches found
Kalmia CMS 0.2.0 User Enumeration
Proof of concept exploit that demonstrates a user enumeration vulnerability via the JWT authentication API on Kalmia CMS version 0.2.0. | Title : Kalmia CM...
EUVD-2025-201310
Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient permission validation and excessive data exposure in the backend, an authenticated user with basic read permissions can retrieve sensitive information for all...
CVE-2025-65899
Kalmia CMS version 0.2.0 contains a user enumeration vulnerability in its authentication mechanism. The application returns different error messages for invalid users (user_not_found) versus valid users with incorrect passwords (invalid_password). This observable response discrepancy allows...
CVE-2025-65899
Kalmia CMS version 0.2.0 contains a user enumeration vulnerability in its authentication mechanism. The application returns different error messages for invalid users (user_not_found) versus valid users with incorrect passwords (invalid_password). This observable response discrepancy allows...
CVE-2025-65900
Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient permission validation and excessive data exposure in the backend, an authenticated user with basic read permissions can retrieve sensitive information for all...
CVE-2025-65899
Kalmia CMS version 0.2.0 contains a user enumeration vulnerability in its authentication mechanism. The application returns different error messages for invalid users (user_not_found) versus valid users with incorrect passwords (invalid_password). This observable response discrepancy allows...
CVE-2025-65900
Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient permission validation and excessive data exposure in the backend, an authenticated user with basic read permissions can retrieve sensitive information for all...
PT-2025-49145
Name of the Vulnerable Software and Affected Versions Kalmia CMS version 0.2.0 Description Kalmia CMS version 0.2.0 has an issue with access control in the /kal-api/auth/users API endpoint. Insufficient permission validation and excessive data exposure in the backend allow an authenticated user...
CVE-2025-65899
Kalmia CMS v0.2.0 is affected by an authentication flaw described as an Observable Response Discrepancy. The login endpoint /kal-api/auth/jwt/create reveals existence of accounts by returning distinct messages: user_not_found for invalid usernames and invalid_password for valid usernames with a w...
CVE-2025-65900
Kalmia CMS 0.2.0 is affected by CVE-2025-65900 via the /kal-api/auth/users endpoint. The root cause is insufficient permission validation and excessive data exposure, enabling an authenticated user with basic read permissions to retrieve sensitive information for all platform users. A public PoC ...
Exploit for CVE-2025-65900
CVE-2025-65900: Kalmia CMS v0.2.0 - is vulnerable to Incorrect...
Exploit for CVE-2025-65899
CVE-2025-65899: Kalmia CMS v0.2.0 - is vulnerable to Observab...