Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
casbin casdoor vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2022-24124
The query API in Casdoor prior to 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations.
Casbin Casdoor
5 Github repositories
8.1
CVSSv3
CVE-2022-44942
Casdoor before v1.126.1 exists to contain an arbitrary file deletion vulnerability via the uploadFile function.
Casbin Casdoor
6.5
CVSSv3
CVE-2023-34927
Casdoor v1.331.0 and below exists to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows malicious users to arbitrarily change the victim user's password via supplying a crafted URL.
Casbin Casdoor
9.1
CVSSv3
CVE-2022-38638
Casdoor v1.97.3 exists to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource.
Casbin Casdoor 1.97.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started