9 matches found

Veracode
added 2026/05/08 8:6 a.m., 16 views

Improper Authorization

github.com/mattermost/mattermost-server is vulnerable to improper authorization. The vulnerability is due to insufficient validation of team membership permissions in the Add Channel Member API, which allows an attacker to exploit the API endpoint to access user metadata and channel membership...

CVSS 4.3 | AI score 7.2 | EPSS 0.00162
Exploits 0 | References 5 | Affected Software 2
RedhatCVE
added 2025/11/14 6:2 p.m., 6 views

CVE-2025-11777

Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API, which allows users from one team to access user metadata and channel membership information from other teams via the API endpoint...

CVSS 4.3 | AI score 6.7 | EPSS 0.00162
Exploits 0 | References 1
Github Security Blog
added 2025/11/13 6:31 p.m., 9 views

Mattermost Incorrect Authorization vulnerability

Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API, which allows users from one team to access user metadata and channel membership information from other teams via the API endpoint...

CVSS 4.3 | AI score 6.7 | EPSS 0.00162
Exploits 0 | References 6 | Affected Software 5
Snyk
added 2025/11/13 6:31 p.m., 2 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization due to not properly validating team membership permissions in the Add Channel Member API. An attacker can obtain unauthorized access to user metadata and channel membership information from other teams by sending...

CVSS 4.3 | AI score 6.6 | EPSS 0.00162
Exploits 0 | References 2
OSV
added 2025/11/13 6:31 p.m., 5 views

GHSA-MQCJ-8C2G-H97Q Mattermost Incorrect Authorization vulnerability

Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API, which allows users from one team to access user metadata and channel membership information from other teams via the API endpoint...

CVSS 3.1 | AI score 6.6 | EPSS 0.00162
Exploits 0 | References 6
Vulnrichment
added 2025/05/30 2:22 p.m., 8 views

CVE-2025-1792 Improper Access Control in Mattermost Channel Member API

Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly enforce access controls for guest users accessing channel member information, allowing authenticated guest users to view metadata about members of public channels via the channel members API endpoint...

CVSS 3.1 | AI score 6.9 | EPSS 0.00205
Exploits 0 | References 1
CNVD
added 2018/02/13 12:0 a.m., 4 views

FineCms controllers/member/Api.php file SQL injection vulnerability

FineCms is a content management system (CMS) developed using an MVC architecture and the PDO database interface. A SQL injection vulnerability exists in the controllers/member/Api.php file in FineCms version 5.2.0, which stems from the program failing to perform effective filtering. A remote attacker can...

CVSS 9.8 | AI score 8.2 | EPSS 0.02548
Exploits 0 | References 1
Cvelist
added 2017/11/21 1:0 p.m., 17 views

CVE-2017-16920

v5/config/system.php in dayrui FineCms 5.2.0 has a default SYSKEY value and does not require key regeneration for each installation, which allows remote attackers to upload arbitrary .php files via a member api swfupload action to index.php...

AI score 9.5 | EPSS 0.02141
Exploits 0 | References 2
seebug.org
added 2015/09/15 12:0 a.m., 44 views

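FineCMS Advanced Edition front-end getshell (succeeded on the demo)

Brief description: the demo got shelled as well. Details: Looking at \member\api\uc.php define'DISCUZROOT', dirnamedirnamedirnameFILE.'/member/ucenter/'; include DISCUZROOT.'api/uc.php'; it simply includes the uc plugin. However, this feature exists only in the Advanced Edition; the free edition does not have it. The uckey is also left at the default, 8808cer8o1UJsEpt2G2Jn0uhEn/YgEva589Mfo0, so getshell is then directly possible. Script attached: ! /usr/bin/env python coding=utf-8 import...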

AI score 7.1
Exploits 0