2 matches found
CVE-2021-42192
CVE-2021-42192 affects KONGA v0.14.9 with an incorrect access control that allows privilege escalation via a crafted request. The attack vector demonstrated in the Nuclei template targets /api/user/{ID} with ADMIN privileges, enabling higher-privilege administration access. The underlying issue i...
CVE-2023-26987
CVE-2023-26987 affects Konga 0.14.9, where a crafted POST request enables remote attackers to manipulate user accounts regardless of privilege. The connected sources confirm the issue and describe the impact as unauthorized account manipulation via network-accessible input, with the root cause de...