EUVD-2021-19751

Malware in sbrugna...

CVE-2021-33031

In LabCup before...

CVE-2021-33031

In LabCup before v2next18022, it is possible to use the save API to perform unauthorized actions for users without access to user management in order to, after successful exploitation, gain access to a victim's account. A user without the user-management privilege can change another user's email...

Authentication flaw

In LabCup before v2next18022, it is possible to use the save API to perform unauthorized actions for users without access to user management in order to, after successful exploitation, gain access to a victim's account. A user without the user-management privilege can change another user's email...

CVE-2021-33031

In LabCup before v2next18022, it is possible to use the save API to perform unauthorized actions for users without access to user management in order to, after successful exploitation, gain access to a victim's account. A user without the user-management privilege can change another user's email...

CVE-2021-33031

CVE-2021-33031 affects LabCup (v2_next_18022 and earlier). The issue allows users without user-management privileges to manipulate the save API to change another user’s email, if the attacker knows the victim’s details (roles, IDs, remote authentication settings). Successful exploitation can lead...

LabCup 授权问题漏洞

LabCup is a laboratory and research organization software management system from LabCup Ireland. It helps academic researchers and safety officers with chemical inventory management, risk assessment and compliance. An authorization issue vulnerability exists in LabCup, which arises from the abili...