3 matches found
CVE-2026-40474 wger has Broken Access Control in the Global Gym Configuration Update Endpoint
wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the GymConfigUpdateView declares permissionrequired = 'config.changegymconfig' but inherits WgerFormMixin instead of WgerPermissionMixin, so the permission is never enforced at runtime. Since GymConfig is an...
PT-2026-33301
Name of the Vulnerable Software and Affected Versions wger versions prior to 2.5 Description An improper access control issue exists in the GymConfigUpdateView component. The view declares a required permission config.change gymconfig but fails to enforce it at runtime because it inherits...
CVE-2023-24641
Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateview.php...