elabftw vulnerabilities and exploits
NA
CVE-2022-31178
eLabFTW is an electronic lab notebook manager for research teams. A vulnerability exists which allows a logged in user to read a template without being authorized to do so. This vulnerability has been patched in 4.3.4. Users are advised to upgrade. There are no known workarounds ...
Elabftw Elabftw

6.5 CVSSv2
CVE-2022-31007
eLabFTW is an electronic lab notebook manager for research teams. Prior to version 4.3.0, a vulnerability allows an authenticated user with an administrator role in a team to assign itself system administrator privileges within the application, or create a new system administrato...
Elabftw Elabftw

6.5 CVSSv2
CVE-2021-43834
eLabFTW is an electronic lab notebook manager for research teams. In versions before 4.2.0 there is a vulnerability which allows a malicious user to authenticate as an existing user, if that user was created using a single sign-on authentication option such as LDAP or SAML. It i...
Elabftw Elabftw

6.5 CVSSv2
CVE-2021-43833
eLabFTW is an electronic lab notebook manager for research teams. In versions before 4.2.0 there is a vulnerability which allows any authenticated user to gain access to arbitrary accounts by setting a specially crafted email address. This vulnerability impacts all instances that...
Elabftw Elabftw

4 CVSSv2
CVE-2021-41171
eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW prior to 4.1.0, it allows malicious users to bypass a brute-force protection mechanism by using many different forged PHPSESSID values in HTTP Cookie header. This issue has been a...
Elabftw Elabftw

4 CVSSv2
CVE-2021-32698
eLabFTW is an open source electronic lab notebook for research labs. This vulnerability allows a malicious user to make GET requests on behalf of the server. It is "blind" because the attacker cannot see the result of the request. Issue has been patched in eLabFTW 4.0....
Elabftw Elabftw

9 CVSSv2
CVE-2019-12185
eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be ...
Elabftw Elabftw 1.8.5
1 EDB exploit
1 GitHub repository

3.5 CVSSv2
CVE-2017-1000478
eLabFTW version 1.7.8 is vulnerable to stored cross-site scripting in the experiment infos component resulting in arbitrary execution of JavaScript and denial of service.
Elabftw Elabftw 1.7.8