mass assignment vulnerabilities and exploits
CVE-2013-2113 (VMScore 605)
The create method in app/controllers/users_controller.rb in Foreman prior to 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role.
Theforeman Foreman
Redhat Openstack 3.0
Theforeman Foreman 1.1
1 EDB exploit
CVE-2020-24940 (VMScore 383)
An issue exists in Laravel prior to 6.18.34 and 7.x prior to 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment.
Laravel Laravel
CVE-2013-2506 (VMScore 356)
app/models/spree/user.rb in spree_auth_devise in Spree 1.1.x prior to 1.1.6, 1.2.x, and 1.3.x does not perform mass assignment safely when updating a user, which allows remote authenticated users to assign arbitrary roles to themselves.
Spreecommerce Spree 1.1.1
Spreecommerce Spree 1.1.3
Spreecommerce Spree 1.2.1
Spreecommerce Spree 1.2.3
Spreecommerce Spree 1.1.4
Spreecommerce Spree 1.1.5
Spreecommerce Spree 1.1.6
Spreecommerce Spree 1.2.0
Spreecommerce Spree 1.3.0
Spreecommerce Spree 1.3.1
Spreecommerce Spree 1.3.2
Spreecommerce Spree 1.1.0
Spreecommerce Spree 1.1.2
Spreecommerce Spree 1.2.2
Spreecommerce Spree 1.2.4
CVE-2008-7309 (VMScore 445)
Insoshi prior to 20080920 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote malicious users to set the ForumPost user_id value via a modified URL, related to a "mass assignment" vulnerability.
Insoshi Insoshi
CVE-2008-7310 (VMScore 445)
Spree 0.2.0 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote malicious users to set the Order state value and bypass the intended payment step via a modified URL, related to a "mass assignment" vulnerabili...
Spreecommerce Spree 0.2.0
CVE-2021-27582 (VMScore 570)
org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect up to and including 1.3.3 contains a Mass Assignment (aka Autobinding) vulnerability. This arises due to unsafe usage of the @ModelAttribute annotation during the...
Mitreid Connect
1 Github repository
CVE-2012-2055 (VMScore 445)
GitHub Enterprise prior to 20120304 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote malicious users to set the public_key[user_id] value via a modified URL for the public-key update form, related to a "mass as...
Github Github
CVE-2019-17605 (VMScore 578)
A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate's account (by also exploiting CVE-2019-17604) via a modified candidate id and an additional password parameter. The outcome is that the password of this ...
Eyecomms Eyecms
CVE-2018-20301 (VMScore 356)
An issue exists in Steve Pallen Coherence prior to 0.5.2 that is similar to a Mass Assignment vulnerability. In particular, "registration" endpoints (e.g., creating, editing, updating) allow users to update any coherence_fields data. For example, users can automatically...
Coherence Project Coherence
CVE-2013-7080 (VMScore 516)
The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 up to and including 4.5.31, 4.7.0 up to and including 4.7.16, and 6.0.0 up to and including 6.0.11 allows remote malicious users to write to arbitrary fields in the co...
Typo3 Typo3 6.0.6
Typo3 Typo3 6.0.7
Typo3 Typo3 6.0.4
Typo3 Typo3 6.0.5
Typo3 Typo3 6.0
Typo3 Typo3 6.0.1
Typo3 Typo3 6.0.8
Typo3 Typo3 6.0.9
Typo3 Typo3 6.0.2
Typo3 Typo3 6.0.3
Typo3 Typo3 6.0.10
Typo3 Typo3 6.0.11
Typo3 Typo3 4.5.29
Typo3 Typo3 4.5.30
Typo3 Typo3 4.5.13
Typo3 Typo3 4.5.14
Typo3 Typo3 4.5.15
Typo3 Typo3 4.5.21
Typo3 Typo3 4.5.22
Typo3 Typo3 4.5.4
Typo3 Typo3 4.5.5
Typo3 Typo3 4.5.28