Mult-E-Cart Ultimate SQL注入漏洞

Mult-E-Cart Ultimate is an e-commerce platform script developed by the Indian company Mult-E-Cart. Version 2.4 of Mult-E-Cart Ultimate contains a SQL injection vulnerability. This vulnerability stems from multiple SQL injection vulnerabilities present in the inventory, customer, supplier, and ord...

Improper Privilege Management in Snipe-IT

Snipe-IT prior to 5.3.9 is vulnerable to improper privilege management. A user who does not have access to the supplier module may view supplier content...

GHSA-V6VG-PXVV-G5CQ Improper Privilege Management in Snipe-IT

Snipe-IT prior to 5.3.9 is vulnerable to improper privilege management. A user who does not have access to the supplier module may view supplier content...

PT-2022-13275 · Snipe-It · Snipe-It

Name of the Vulnerable Software and Affected Versions: Snipe-IT versions prior to 5.3.9 Description: The issue concerns improper privilege management, allowing a user without access to the supplier module to view supplier content. Recommendations: For versions prior to 5.3.9, update to version...

Improper Privilege Management in snipe/snipe-it

Description It was found that if a user is not having access to supplier module, he can access and view the supplier content. Proof of Concept 1. Create two users, one admin and one normal user 2. A normal user is not having access to the supplier module. 3. But by enumeration the normal user vie...