85 matches found
CVE-2026-43948
wger is a free, open-source workout and fitness manager. Prior to 2.6, the resetuserpassword and gympermissionsuseredit views in wger perform a gym-scope authorization check using Python object comparison != that evaluates None != None as False, silently bypassing the guard when both the attacker...
Improper Privilege Management
Overview: Affected versions of this package are vulnerable to Improper Privilege Management in the trainer-login process. An attacker can gain unauthorized access to higher-privileged accounts by chaining session states and bypassing permission checks. Remediation: There is no fixed version for wge...
CVE-2026-43977
creationtimestamp | type | source
---|---|---
2026-05-14 12:37:19+00:00 | published-proof-of-concept | https://github.com/wger-project/wger/security/advisories/GHSA-cj9g-27ph-4cgv...
CVE-2026-43978
creationtimestamp | type | source
---|---|---
2026-05-14 12:36:41+00:00 | published-proof-of-concept | https://github.com/wger-project/wger/security/advisories/GHSA-9qpr-vc49-hqg2...
CVE-2026-43948 wger: cross-tenant password reset and plaintext disclosure via gym=None bypass
wger is a free, open-source workout and fitness manager. Prior to 2.6, the resetuserpassword and gympermissionsuseredit views in wger perform a gym-scope authorization check using Python object comparison != that evaluates None != None as False, silently bypassing the guard when both the attacker...
wger security vulnerability
WGER is an open-source project developed by the WGER Team, built using Django for hosting self-hosted FLOSS fitness/exercise, nutrition, and weight tracking applications. Versions of WGER prior to 2.6 contained security vulnerabilities. These vulnerabilities stemmed from the use of Python object...
wger: trainer_login open redirect - ?next= parameter not validated against host
Summary: The trainer_login view in wger redirects to request.GET['next'] directly via HttpResponseRedirect without calling url_has_allowed_host_and_scheme. After the trainer successfully enters impersonation mode, their browser is redirected to any attacker-controlled URL supplied in the ?next= parameter,...
wger: cross-tenant password reset and plaintext disclosure via gym=None bypass
Summary: The resetuserpassword and gympermissionsuseredit views in wger perform a gym-scope authorization check using Python object comparison != that evaluates None != None as False, silently bypassing the guard when both the attacker and victim have no gym assignment (gym=None). A user with...
PT-2026-38284
Name of the Vulnerable Software and Affected Versions: wger versions prior to 2.6. Description: An authorization bypass exists in the reset user password and gym permissions user edit views. The system performs a gym-scope authorization check using a Python object comparison that evaluates None !=...
CVE-2026-43948
creationtimestamp | type | source
---|---|---
2026-04-28 08:06:13+00:00 | published-proof-of-concept | https://github.com/wger-project/wger/security/advisories/GHSA-mhc8-p3jx-84mm...
CVE-2026-40353
wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the attributionlink property in AbstractLicenseModel constructs HTML by directly interpolating user-controlled license fields such as licenseauthor without escaping, and templates render the result using Django's...
CVE-2026-40474
wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the GymConfigUpdateView declares permission_required = 'config.change_gymconfig' but inherits WgerFormMixin instead of WgerPermissionMixin, so the permission is never enforced at runtime. Since GymConfig is an...
CVE-2026-40474
CVE-2026-40474 - wger: In versions 2.5 and below, GymConfigUpdateView declares permission_required = 'config.change_gymconfig' but uses WgerFormMixin (which enforces ownership checks) instead of the permission-enforcing mixin. Since GymConfig is a singleton without get_owner_object(), the permis...
CVE-2026-40353 wger: Stored XSS via Unescaped License Attribution Fields
wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the attributionlink property in AbstractLicenseModel constructs HTML by directly interpolating user-controlled license fields such as licenseauthor without escaping, and templates render the result using Django's...
wger security vulnerability
wger is an open-source FLOSS fitness/exercise, nutrition, and weight tracking application developed using Django by the wger Project. Versions of wger 2.5 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the fact that the GymConfigUpdateView declared a...