# Description

Via the `/api/upload/upload-by-url` endpoint it is possible to upload an image from a URL provided by the user. The function that handles this upload doesn't verify or validate the provide ...

August 08, 2022
# Description

The password change function doesn't properly handle the `Change Password` role, allowing any user that has this role enabled to change the password of any user in the system, inclu ...

August 08, 2022
# Description

The login page doesn't have any protection against a brute-force password attack, which allows an attacker to try every possible password combination without any restriction.

# Proof of ...

August 08, 2022
# Description

An unauthenticated user can read and download files of the application system by abusing the `filename` parameter of the `/api/image/cover-upload` endpoint, which is not properly sanitized ...

August 08, 2022
# Description

An unauthenticated user can download, view the details and resources of, and retrieve individual pages of any book in the system without any kind of authorization or authentication verificat ...

August 08, 2022
# Description

An unauthenticated user can delete any book item from any user's reading list in the system without any authentication or authorization verification, via the `/api/readinglist/delete-item` AP ...

August 08, 2022