78 matches found
CVE-2025-4962 IDOR Vulnerability in Template Creation via `projectId` Manipulation in lunary-ai/lunary
An Insecure Direct Object Reference IDOR vulnerability was identified in the POST /v1/templates endpoint of the Lunary API, affecting versions up to 0.8.8. This vulnerability allows authenticated users to create templates in another user's project by altering the projectId query parameter. The ro...
CVE-2024-0766
The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the templatesajaxrequest function in all versions up to, and including, 1.4.4. This makes it possible for subscribers and higher to...
IDOR Vulnerability in Template Creation via `projectId` Manipulation
Description An Insecure Direct Object Reference IDOR vulnerability exists in the POST /v1/templates endpoint of the Lunary API. This allows an authenticated user to create templates in another user’s project by modifying the projectId query parameter. This occurs due to a lack of server-side...
CVE-2024-13737
The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the motorscreatetemplate and motorsdeletetemplate functions in all versions up to, and including, 1.4.57. This makes it possible for...
The vulnerability of the graph creation function or graph template creation function of the Cacti network monitoring software allows a hacker to execute arbitrary code.
The vulnerability of the graph creation function or graph template creation function in the Cacti network monitoring software is related to improper handling of line separators. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary code...
CVE-2024-56114
Canlineapp Online 1.1 is vulnerable to Broken Access Control and allows users with the Auditor role to create an audit template as a result of improper authorization checks. This feature is designated for supervisor role, but auditors have been able to successfully create audit templates from the...
The vulnerability of the library for optimizing machine learning models in Intel Neural Compressor lies in the failure to take measures to neutralize special elements in the template creation mechanism. This allows attackers to enhance their privileges.
The vulnerability of the Intel Neural Compressor library for optimizing machine learning models is related to the lack of measures taken to neutralize special elements in the template creation mechanism. Exploiting this vulnerability can allow a remote attacker to enhance their privileges...
CVE-2024-9917
A vulnerability, which was classified as critical, was found in HuangDou UTCMS V9. This affects an unknown part of the file app/modules/ut-template/admin/templatecreat.php. The manipulation of the argument content leads to deserialization. It is possible to initiate the attack remotely. The explo...
The vulnerability of the HTTP File Server, related to the failure to take measures to eliminate special elements in the template creation mechanism, allows attackers to execute arbitrary commands.
The vulnerability of the HTTP File Server is related to the lack of measures taken to neutralize special elements in the template creation mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending specially crafted HTTP requests with the “search”...
WordPress Master Addons plugin <= 2.0.6.1 - Missing Authorization to MA Template Creation or Modification vulnerability
Missing Authorization to MA Template Creation or Modification vulnerability discovered by Webbernaut in WordPress Plugin Master Addons for Elementor versions = 2.0.6.1...
The vulnerability of the software for centralized device management in Fortinet’s FortiManager system lies in errors during the elimination of specific elements in the template creation mechanism. This allows a malicious actor to execute arbitrary code.
The vulnerability of the software for centralized device management in Fortinet FortiManager is related to errors during the elimination of specific elements in the template creation mechanism. Exploiting this vulnerability allows an attacker to execute arbitrary code using specially created...
CVE-2024-0766
The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the templatesajaxrequest function in all versions up to, and including, 1.4.4. This makes it possible for subscribers and higher to...
The vulnerability of the OctoPrint 3D-printer controller, related to errors in eliminating special elements in the template creation mechanism, allows a violator to execute arbitrary code.
The vulnerability of the OctoPrint 3D-printer controller is related to errors during the neutralization of special elements in the template creation mechanism. Exploiting this vulnerability allows an attacker to execute arbitrary code...
Royal Elementor Addons < 1.3.60 - Menu Template Creation via CSRF
The plugin does not have CSRF check when creating menu templates, which could allow attackers to make a logged in admin perform such action via a CSRF attack...
CVE-2022-4103
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF checks when creating a template, and does not ensure that the post created is a template. This could allow any authenticated users, such as subscriber to create a post as well as any post type with an...
WordPress Plugin Royal Elementor Addons 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
PT-2023-13956 · WordPress · Royal Elementor Addons
Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons WordPress plugin versions prior to 1.3.56 Description: The issue is related to the lack of authorization and CSRF checks when creating a template. This could allow any authenticated users, such as subscribers, to...
Arbitrary template creation leading to Authenticated Remote Code Execution
Description Arbitrary File Write Reproduction Steps: 1. As a low privileged user, Create a new recipe and click on the "+" to add a New Asset. 2. Select a file, then proxy the request that will create the asset. 3. Update the values in the POST request to the ones shown below: POST...
The vulnerability of the template function for software-based Cisco WebEx Meetings allows a hacker to gain rights to create meeting templates.
The vulnerability of the template creation function for Cisco Webex Meetings software-related web conferencing solutions is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain permission to create meeting templates...
Cisco Webex Meetings Scheduled Meeting Template Creation Vulnerability
Cisco Webex Meetings provides affordable enterprise virtual meeting solutions. A scheduled meeting template creation vulnerability exists in Cisco Webex Meetings versions prior to 40.7.0. The vulnerability stems from insufficient execution of authorization for scheduled meeting template creation...