5 matches found
GHSA-JWCC-GV4M-93X6 Pimcore has a CustomReports Share Bypass
Summary CustomReports uses inconsistent authorization between the report listing endpoint and the report detail endpoint. - The listing flow filters reports based on report-sharing rules - The detail flow only checks generic reports or reportsconfig permissions As a result, a low-privileged backe...
Pimcore has a CustomReports Share Bypass
Summary CustomReports uses inconsistent authorization between the report listing endpoint and the report detail endpoint. - The listing flow filters reports based on report-sharing rules - The detail flow only checks generic reports or reportsconfig permissions As a result, a low-privileged backe...
CVE-2025-7148
creationtimestamp| type| source ---|---|--- 2025-07-08 00:11:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ltfzalp2zr2e...
PHPGurukul Daily Expense Tracker System 安全漏洞
Daily Expense Tracker System is a PHP and MySQL based daily expense tracking system. The Daily Expense Tracker System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the fromdate/todate parameter of file...
CVE-2023-7100
A vulnerability, which was classified as critical, was found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file /admin/bwdates-report-details.php. The manipulation of the argument fdate/tdate leads to sql injection. It is possible to launch the attack...