5 matches found
CVE-2023-1125
The Ruby Help Desk WordPress plugin before 1.3.4 does not ensure that the ticket being modified belongs to the user making the request, allowing an attacker to close and/or add files and replies to tickets other than their own...
CVE-2023-1125
The Ruby Help Desk WordPress plugin before 1.3.4 does not ensure that the ticket being modified belongs to the user making the request, allowing an attacker to close and/or add files and replies to tickets other than their own...
WordPress plugin Ruby Help Desk 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
The claimWinningTickets() function does not include a check to ensure that the caller owns the tickets, or if has already been claimed
Lines of code Vulnerability details The claimWinningTickets function in the contract contains multiple vulnerabilities that can result in a loss of funds for the contract and its users. Firstly, the function can be called by anyone, even if they are not the owner of the ticket, allowing malicious...
SUSE CVE-2018-12642
Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not owned by the current user...