CWE-639

SOCIFI Socifi Guest wifi as SAAS wifi portal is affected by Insecure Permissions. Any authorized customer with partner mode can switch to another customer dashboard and perform actions like modify user, delete user, etc.

Authorization Bypass Through User-Controlled Key vulnerability in Checkout Plugins Stripe Payments For WooCommerce by Checkout.This issue affects Stripe Payments For WooCommerce by Checkout: from n/a through 1.9.1.

Globitel KSA SpeechLog v8.1 was discovered to contain an Insecure Direct Object Reference (IDOR) via the userID parameter.

IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain a user's event ticket by creating a specific request with the ticket reference ID, leading to the exposure of sensitive user data.

IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain the download URL of another user to obtain the purchased ticket.

SQL injection vulnerability in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to obtain sensitive information via the Models/UserModel.php component.

Authorization Bypass Through User-Controlled Key vulnerability in ali Forms Contact Form builder with drag & drop for WordPress – Kali Forms.This issue affects Contact Form builder with drag & drop for WordPress – Kali Forms: from n/a through 2.3.36.

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.1.

Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0.

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions.This issue affects Woo Subscriptions: from n/a through 5.1.2.

A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user's in-progress image upload.

CouchCMS contains a privilege escalation vulnerability that allows authenticated Admin-level users to create SuperAdmin accounts by tampering with the f_k_levels_list parameter in user creation requests. Attackers can modify the parameter value from 4 to 10 in the HTTP request body to bypass authorization validation and gain full application control, circumventing restrictions on SuperAdmin account creation and privilege assignment.

A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 0.3.75 is sufficient to resolve this issue. It is suggested to upgrade the affected component.

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the POST /api/food/{id}/shopping/ endpoint reads amount and unit directly from request.data and passes them without validation to ShoppingListEntry.objects.create(). Invalid amount values (non-numeric strings) cause an unhandled exception and HTTP 500. A unit ID from a different Space can be associated cross-space, leaking foreign-key references across tenant boundaries. All other endpoints creating ShoppingListEntry use ShoppingListEntrySerializer, which validates and sanitizes these fields. This vulnerability is fixed in 2.6.4.

Authorization Bypass Through User-Controlled Key vulnerability in MeCODE Informatics and Engineering Services Ltd. Envanty allows Parameter Injection.This issue affects Envanty: before 1.0.6.   NOTE: The vendor was contacted early about this disclosure but did not respond in any way. The vulnerability was learned to be remediated through reporter information and testing.

Tuist is a virtual platform team for Swift app devs. In 1.180.8 and earlier, the DELETE /api/projects/{account_handle}/{project_handle}/previews/{preview_id} endpoint loads the preview by its UUID without verifying that the preview belongs to the project resolved from the URL path. The route's project-level authorization plug (AuthorizationPlug, :preview) authorizes the caller against the project encoded in account_handle/project_handle — which the attacker controls — and then the action deletes whichever preview's UUID is supplied. The check therefore guards the wrong project.

Unsafe object reference (IDOR) in Stel Order v3.25.1 and earlier versions, specifically in the ‘/app/FrontController’ endpoint, through manipulation of the ‘employeeID’ parameter. An authenticated attacker could exploit this vulnerability to access information about any employee (first names, last names, roles, job titles, and vacation records, among others) by modifying that identifier in requests sent to the server.

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a low-privileged user (with only user creation permissions) to overwrite existing accounts, including the primary administrator. By creating a new user with a username that already exists, the system updates the existing account's metadata and permissions instead of rejecting the request. This leads to a Denial of Service (DoS) on administrative functions and Privilege De-escalation of the root account. This vulnerability is fixed in 2.0.0-beta.2.

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversation_change_customer action accepts any supplied customer_email. A low-privileged agent can forge a request and bind a visible conversation to a hidden customer in another mailbox. This issue has been patched in version 1.8.214.

This vulnerability exists in e-Sushrut due to the use of reversible Base64 encoding for protecting sensitive data. An authenticated attacker could exploit this vulnerability by decoding and manipulating Base64-encoded parameters in the request URL to gain unauthorized access to sensitive information on the targeted system.