Filtered by vendor Casbin
Subscriptions
Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-38638 | 1 Casbin | 1 Casdoor | 2023-08-08 | 9.1 Critical |
Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource. | ||||
CVE-2023-34927 | 1 Casbin | 1 Casdoor | 2023-06-28 | 6.5 Medium |
Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user's password via supplying a crafted URL. | ||||
CVE-2022-44942 | 1 Casbin | 1 Casdoor | 2022-12-08 | 8.1 High |
Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function. | ||||
CVE-2022-24124 | 1 Casbin | 1 Casdoor | 2022-04-05 | 7.5 High |
The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations. |
Page 1 of 1.