2 matches found
CVE-2025-64064
Primakon Pi Portal 1.0.18 /api/v2/ppusers endpoint fails to adequately check user permissions before processing a PATCH request to modify the PPSECURITYPROFILEID. Because of weak access controls any low level user can use this API and change their permission to Administrator by using...
CVE-2025-64064
Primakon Pi Portal 1.0.18 /api/v2/ppusers endpoint fails to adequately check user permissions before processing a PATCH request to modify the PPSECURITYPROFILEID. Because of weak access controls any low level user can use this API and change their permission to Administrator by using...