Lucene search

K

14Finger Security Vulnerabilities - February

cve

14Finger v1.1 was discovered to contain an arbitrary user deletion vulnerability via the component /api/admin/user?id.

9.1CVSS

7.7AI Score

0.0005EPSS

2024-07-05 04:15 PM

31

cve

Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Administrator via a crafted POST request.

8.8CVSS

7.2AI Score

0.001EPSS

2024-07-05 04:15 PM

25