Lucene search
+L

608 matches found

Cvelist
Cvelist
added 2024/04/16 12:0 a.m.15 views

CVE-2024-0404 Mass Assignment Vulnerability in mintplex-labs/anything-llm

A mass assignment vulnerability exists in the /api/invite/:code endpoint of the mintplex-labs/anything-llm repository, allowing unauthorized creation of high-privileged accounts. By intercepting and modifying the HTTP request during the account creation process via an invitation link, an attacker...

9.1CVSS9.3AI score0.00783EPSS
Exploits1References2
OSV
OSV
added 2024/04/16 12:0 a.m.20 views

CVE-2024-0404 Mass Assignment Vulnerability in mintplex-labs/anything-llm

A mass assignment vulnerability exists in the /api/invite/:code endpoint of the mintplex-labs/anything-llm repository, allowing unauthorized creation of high-privileged accounts. By intercepting and modifying the HTTP request during the account creation process via an invitation link, an attacker...

9.1CVSS7.2AI score0.00783EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/04/15 12:0 a.m.3 views

PT-2024-15530 · Mintplex · Anything-Llm

Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm repository affected versions not specified Description: A mass assignment vulnerability exists in the "/api/invite/:code" endpoint, allowing unauthorized creation of high-privileged accounts. By intercepting and...

9.1CVSS8.9AI score0.00783EPSS
Exploits1References8
NVD
NVD
added 2024/04/10 5:15 p.m.17 views

CVE-2024-3283

A vulnerability in mintplex-labs/anything-llm allows users with manager roles to escalate their privileges to admin roles through a mass assignment issue. The '/admin/system-preferences' API endpoint improperly authorizes manager-level users to modify the 'multiusermode' system variable, enabling...

7.2CVSS7AI score0.0095EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/04/10 5:7 p.m.15 views

CVE-2024-3283 Privilege Escalation via Mass Assignment in mintplex-labs/anything-llm

A vulnerability in mintplex-labs/anything-llm allows users with manager roles to escalate their privileges to admin roles through a mass assignment issue. The '/admin/system-preferences' API endpoint improperly authorizes manager-level users to modify the 'multiusermode' system variable, enabling...

7.2CVSS7.2AI score0.0095EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/04/10 5:7 p.m.28 views

CVE-2024-3283 Privilege Escalation via Mass Assignment in mintplex-labs/anything-llm

A vulnerability in mintplex-labs/anything-llm allows users with manager roles to escalate their privileges to admin roles through a mass assignment issue. The '/admin/system-preferences' API endpoint improperly authorizes manager-level users to modify the 'multiusermode' system variable, enabling...

7.2CVSS7.2AI score0.0095EPSS
Exploits1References2
OSV
OSV
added 2024/04/10 5:7 p.m.13 views

CVE-2024-3283 Privilege Escalation via Mass Assignment in mintplex-labs/anything-llm

A vulnerability in mintplex-labs/anything-llm allows users with manager roles to escalate their privileges to admin roles through a mass assignment issue. The '/admin/system-preferences' API endpoint improperly authorizes manager-level users to modify the 'multiusermode' system variable, enabling...

7.2CVSS7AI score0.0095EPSS
Exploits1References4
CVE
CVE
added 2024/04/10 5:7 p.m.121 views

CVE-2024-3283

CVE-2024-3283 concerns mintplex-labs/anything-llm. A mass-assignment flaw in the /admin/system-preferences endpoint lets users with the Manager role modify the multi_user_mode variable, enabling access to /api/system/enable-multi-user and the creation of a new admin user. The root cause is the en...

7.2CVSS7AI score0.0095EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/03/06 10:55 a.m.21 views

BIT-LARAVEL-2020-24940

An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment...

7.5CVSS7.3AI score0.01203EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/01/31 10:33 p.m.25 views

CVE-2024-24573 facileManager Privilege Escalation via Mass Assignment

facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, when a user updates their profile, a POST request containing user information is sent to the endpoint server/fm-modules/facileManager/ajax/processPost.php. It was found that non-admins can...

8.8CVSS8.8AI score0.00817EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/11/17 1:31 p.m.35 views

CVE-2023-44350 ColdFusion | Deserialization of Untrusted Data (CWE-502)

Adobe ColdFusion versions 2023.5 and earlier and 2021.11 and earlier are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction...

9.8CVSS9.7AI score0.64558EPSS
Exploits0References1
Prion
Prion
added 2023/08/24 11:15 p.m.14 views

Design/Logic Flaw

Netmaker makes networks with WireGuard. A Mass assignment vulnerability was found in versions prior to 0.17.1 and 0.18.6 that allows a non-admin user to escalate privileges to those of an admin user. The issue is patched in 0.17.1 and fixed in 0.18.6. If Users are using 0.17.1, they should run...

6.5CVSS8.6AI score0.00717EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/08/24 12:0 a.m.8 views

PT-2023-23590

Name of the Vulnerable Software and Affected Versions Netmaker versions prior to 0.17.1 Netmaker versions 0.18.0 through 0.18.5 Description A Mass assignment vulnerability was found in Netmaker that allows a non-admin user to escalate privileges to those of an admin user. The issue is patched in...

8.8CVSS7.2AI score0.00717EPSS
Exploits0References9
Packet Storm
Packet Storm
added 2023/05/26 12:0 a.m.295 views

Ulicms 2023.1 Create Administrator

Exploit Title: Ulicms 2023.1 - create admin user via mass assignment Application: Ulicms Version: 2023.1-sniffing-vicuna Bugs: create admin user via mass assignment Technology: PHP Vendor URL: https://en.ulicms.de/ Software Link:...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/05/26 12:0 a.m.312 views

Ulicms 2023.1 - create admin user via mass assignment Vulnerability

Exploit Title: Ulicms 2023.1 - create admin user via mass assignment Application: Ulicms Version: 2023.1-sniffing-vicuna Bugs: create admin user via mass assignment Technology: PHP Vendor URL: https://en.ulicms.de/ Software Link:...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2023/05/25 12:0 a.m.367 views

Ulicms 2023.1 - create admin user via mass assignment

Exploit Title: Ulicms 2023.1 - create admin user via mass assignment Application: Ulicms Version: 2023.1-sniffing-vicuna Bugs: create admin user via mass assignment Technology: PHP Vendor URL: https://en.ulicms.de/ Software Link:...

7.4AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 5:42 a.m.6 views

SUSE CVE-2013-0269

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

7.5CVSS6.6AI score0.13911EPSS
Exploits0References13
Veracode
Veracode
added 2023/01/27 8:38 a.m.13 views

Improper Access Control

cakephp/cakephp is vulnerable to Improper Access Control. The vulnerability exists due to mass assignment issues when multiple POST requests manipulate the same model allowing an attacker to perform cross form submissions to the SecurityComponent...

3.9AI score
Exploits0
OSV
OSV
added 2023/01/20 11:22 p.m.21 views

GHSA-J9Q2-F9Q7-JHGQ CakePHP SecurityComponent cross form submission issue

Prior to versions 2.4.8 and 1.3.18, forms secured by SecurityComponent could be submitted to any action without triggering SecurityComponent’s tampering protection. If an application contained multiple POST forms to manipulate the same models, it could be vulnerable to mass assignment issues...

7AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/01/20 11:22 p.m.17 views

CakePHP SecurityComponent cross form submission issue

Prior to versions 2.4.8 and 1.3.18, forms secured by SecurityComponent could be submitted to any action without triggering SecurityComponent’s tampering protection. If an application contained multiple POST forms to manipulate the same models, it could be vulnerable to mass assignment issues...

2.8AI score
Exploits0References4Affected Software1
Rows per page
Query Builder