Soumettre #639750: Github Papermerge 3.5.3 Improper Access Controlsinformation

TitreGithub Papermerge 3.5.3 Improper Access Controls
DescriptionPapermerge, developed by ciur, is vulnerable to Broken Function Level Authorization in its folder deletion functionality. A remote authenticated attacker can delete resources belonging to other users by supplying a valid authorization token from a different account. This allows unauthorized resource deletion, leading to loss of data integrity and availability.
La source⚠️ https://docs.google.com/document/d/19j0mCR-QOuhlxAJMir00Z8_MZdydVdmE_Ak09ra2NHw/edit?usp=sharing
Utilisateur
 unhingedazrael (UID 89347)
Soumission22/08/2025 09:37 (il y a 10 mois)
Modérer10/09/2025 12:09 (19 days later)
StatutAccepté
Entrée VulDB323482 [Papermerge DMS jusqu’à 3.5.3 Authorization Token élévation de privilèges]
Points18

PrécédentAperçuSuivant

Want to know what is going to be exploited?

We predict KEV entries!