6 matches found
Server-side Request Forgery (SSRF)
Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the fetchmetadata.php process. An attacker can access internal network resources or sensitive clo...
Improper Verification of Cryptographic Signature
Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to improper validation of SAML signatures in the authentication and logout...
Incorrect Authorization
Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Incorrect Authorization due to an inverted authorization check in the twofactorauthentication.php process. An attacker can remove...
Missing Authorization
Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Missing Authorization in the itemdelete, itemretire, itemreinstate, itempictureupload, itempicturesave, and itempicturedelete endpoin...
PT-2024-1852 · Basercms · Basercms
Name of the Vulnerable Software and Affected Versions: baserCMS versions prior to 5.0.9 Description: The issue is related to an OS Command Injection vulnerability in the site search feature of baserCMS. This vulnerability can be exploited by a remote attacker to execute arbitrary commands. The...
PT-2023-5707 · Graylog · Graylog
Name of the Vulnerable Software and Affected Versions: Graylog versions prior to 5.0.9 Graylog versions prior to 5.1.3 Description: The issue is related to the incorrect session expiration in a multi-node Graylog cluster. After a user has explicitly logged out, a user session may still be used fo...