5 matches found
All-in-one Floating Contact Form < 2.1.4 - Unauthenticated Unauthorised Action
Description The plugin does not have authorisation check in a function, which could allow unauthenticated users to perform an unauthorised action...
CVE-2023-6542 Improper Export of Android Application Components in SAP EMARSYS SDK ANDROID
Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application. On successful attack, an attacker could navigate to arbitrary URL...
Login as User or Customer < 3.3 - Unauthenticated Privilege Escalation to Admin
The plugin lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session. PoC Run the below command in the developer console of the web browser while being on the blog as an unauthenticated user,...
CVE-2020-5328
Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur...
Authorization Bypass
foreman-tasks is vulnerable to authorization bypass. An unprivileged user is able to view tasks details via the web UI and the API using the UUID of a task. This vulnerability is caused by a lack of authorization checks...