USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via register.php.

Discourse is an open source discussion platform. Versions prior to 2.7.13 in `stable`, 2.8.0.beta11 in `beta`, and 2.8.0.beta11 in `tests-passed` allow some users to log in to a community before they should be able to do so. A user invited via email to a forum with `must_approve_users` enabled is going to be automatically logged in, bypassing the check that does not allow unapproved users to sign in. They will be able to do everything an approved user can do. This issue is patched in the `stable` version 2.7.13, `beta` version 2.8.0.beta11, and `tests-passed` version 2.8.0.beta11. Administrators can increase `min_trust_level_to_allow_invite` to reduce the attack surface to more trusted users.

In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn't registered within the system. This allows attackers to enumerate the registered users' email addresses.

Arbitrary file access vulnerability in Samsung Email prior to 6.1.60.16 allows attacker to read isolated data in sandbox.