9 matches found
CVE-2026-30927
Admidio is an open-source user management solution. Prior to 5.0.6, in modules/events/eventsfunction.php, the event participation logic allows any user who can participate in an event to register OTHER users by manipulating the useruuid GET parameter. The condition uses || OR, meaning if...
EUVD-2026-10439
Admidio is an open-source user management solution. Prior to 5.0.6, in modules/events/eventsfunction.php, the event participation logic allows any user who can participate in an event to register OTHER users by manipulating the useruuid GET parameter. The condition uses || OR, meaning if...
CVE-2026-30927 Admidio: Event participation IDOR - non-leaders can register other users for events via user_uuid parameter
Admidio is an open-source user management solution. Prior to 5.0.6, in modules/events/eventsfunction.php, the event participation logic allows any user who can participate in an event to register OTHER users by manipulating the useruuid GET parameter. The condition uses || OR, meaning if...
CVE-2026-30927 Admidio: Event participation IDOR - non-leaders can register other users for events via user_uuid parameter
Admidio is an open-source user management solution. Prior to 5.0.6, in modules/events/eventsfunction.php, the event participation logic allows any user who can participate in an event to register OTHER users by manipulating the useruuid GET parameter. The condition uses || OR, meaning if...
Admidio: Event participation IDOR - non-leaders can register other users for events via user_uuid parameter
Vulnerability In modules/events/eventsfunction.php, the event participation logic allows any user who can participate in an event to register OTHER users by manipulating the useruuid GET parameter. Line 47: $getUserUuid = admFuncVariableIsValid$GET, 'useruuid', 'uuid', ... Line 424: if...
PT-2026-24152
Name of the Vulnerable Software and Affected Versions Admidio versions prior to 5.0.6 Description Admidio is a user management solution. A flaw exists in the event participation logic within the modules/events/events function.php file. This allows any user permitted to participate in an event to...
CVE-2025-69207 Khoj has an IDOR in Notion OAuth Flow Enables Index Poisoning
Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was...
UBUNTU-CVE-2024-23792
When adding attachments to ticket comments, another user can add attachments as well impersonating the orginal user. The attack requires a logged-in other user to know the UUID. While the legitimate user completes the comment, the malicious user can add more files to the comment. This issue affec...
CVE-2024-23792 Insufficient access control
When adding attachments to ticket comments, another user can add attachments as well impersonating the orginal user. The attack requires a logged-in other user to know the UUID. While the legitimate user completes the comment, the malicious user can add more files to the comment. This issue affec...