2 matches found
CVE-2026-43978
CVE-2026-43978 describes a privilege-escalation in wger prior to version 2.6 where a gym trainer can chain two trainer-login calls to impersonate higher-privileged users (gym manager/general manager). The root cause is a logic error in wger/core/views/user.py: after the first hop, session["traine...
PT-2024-24817 · Sap · Sap Enable Now Manager
Name of the Vulnerable Software and Affected Versions: SAP Enable Now Manager affected versions not specified Description: The issue is related to the lack of necessary authorization checks for authenticated users, leading to escalation of privileges. An attacker with the 'Learner' role could...