4 matches found
Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows
Summary The row action trigger endpoint POST /api/tables/:sourceId/actions/:actionId/trigger fails to validate that the user-supplied rowId is within the scope of the view's row filters. A user with access to a filtered view can trigger row actions on any row in the underlying table, including ro...
CVE-2025-13236
A vulnerability was identified in itsourcecode Inventory Management System 1.0. This impacts an unknown function of the file /admin/products/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...
Nextcloud 安全漏洞
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud that stems from the fact that by directly specifying the ID of a table or view, a malicious user can blindly...
PT-2024-35350 · Nextcloud · Nextcloud Tables
Name of the Vulnerable Software and Affected Versions: Nextcloud Tables versions prior to 0.8.0 Description: The issue allows a malicious user to insert new rows into tables they have no access to by directly specifying the ID of a table or view. Recommendations: For versions prior to 0.8.0,...