10 matches found
CVE-2026-35488
CVE-2026-35488 affects Tandoor Recipes where RecipeBookViewSet and RecipeBookEntryViewSet exposed a flawed CustomIsShared permission: has_object_permission() returns True for all HTTP methods, letting shared (read-only) users delete or overwrite a RecipeBook. The root cause is the permission chec...
EUVD-2026-19673
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, RecipeBookViewSet and RecipeBookEntryViewSet use CustomIsShared as an alternative permission class, but CustomIsShared.hasobjectpermission returns True for all HTTP methods —...
CVE-2026-35488 Tandoor Recipes — CustomIsShared permits DELETE/PUT on RecipeBook by shared (read-only) users
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, RecipeBookViewSet and RecipeBookEntryViewSet use CustomIsShared as an alternative permission class, but CustomIsShared.hasobjectpermission returns True for all HTTP methods —...
PT-2026-30861
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, RecipeBookViewSet and RecipeBookEntryViewSet use CustomIsShared as an alternative permission class, but CustomIsShared.has object permission returns True for all HTTP methods —...
Nanjing Thing Orange Information Technology Co., Ltd. home recipe book APP has information leakage vulnerability
Home-Cooked Recipe Book APP is a food recipe software. Nanjing Thing Orange Information Technology Co., Ltd. has an information leakage vulnerability in Home Recipe Book APP, which can be exploited by attackers to obtain sensitive information...
Weight Loss Recipe Book 3.1 SQL Injection
Weight Loss Recipe Book 3.1 Autore: x0r Emails: [email protected] \ [email protected] Cms Site: http://www.my-health-and-fitness.org/weight-loss-recipe-book.html Bug In \wlrbfiles\admin-login.php SELECT FROM ' . $programprefix . 'administrators WHERE administratorsusername = "'...
Weight Loss Recipe Book 3.1 (Auth Bypass) SQL Injection Vuln
No description provided by source. Weight Loss Recipe Book 3.1 Autore: x0r Emails: [email protected] \ [email protected] Cms Site: http://www.my-health-and-fitness.org/weight-loss-recipe-book.html Bug In \wlrbfiles\admin-login.php SELECT FROM ' . $programprefix . 'administrators WHERE...
Weight Loss Recipe Book 3.1 - Authentication Bypass
Weight Loss Recipe Book 3.1 - Authentication Bypass Weight Loss Recipe Book 3.1 Autore: x0r Emails: [email protected] \ [email protected] Cms Site: http://www.my-health-and-fitness.org/weight-loss-recipe-book.html Bug In \wlrbfiles\admin-login.php SELECT FROM ' . $programprefix . 'administrators WHE...
Weight Loss Recipe Book 3.1 (Auth Bypass) SQL Injection Vuln
Exploit for unknown platform in category web applications ============================================================ Weight Loss Recipe Book 3.1 Auth Bypass SQL Injection Vuln ============================================================ Weight Loss Recipe Book 3.1 Autore: x0r Cms Site:...
Weight Loss Recipe Book 3.1 - Authentication Bypass
Weight Loss Recipe Book 3.1 Autore: x0r Emails: [email protected] \ [email protected] Cms Site: http://www.my-health-and-fitness.org/weight-loss-recipe-book.html Bug In \wlrbfiles\admin-login.php SELECT FROM ' . $programprefix . 'administrators WHERE administratorsusername = "'...