Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
mass assignment vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-24940
An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment....
Laravel Laravel
NA
CVE-2008-7309
Insoshi before 20080920 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the ForumPost user_id value via a modified URL, related to a "mass assignment" vulnerability....
Insoshi Insoshi
NA
CVE-2013-2506
app/models/spree/user.rb in spree_auth_devise in Spree 1.1.x before 1.1.6, 1.2.x, and 1.3.x does not perform mass assignment safely when updating a user, which allows remote authenticated users to assign arbitrary roles to themselves....
Spreecommerce Spree 1.1.1
Spreecommerce Spree 1.1.3
Spreecommerce Spree 1.2.1
Spreecommerce Spree 1.2.3
Spreecommerce Spree 1.1.4
Spreecommerce Spree 1.1.5
Spreecommerce Spree 1.1.6
Spreecommerce Spree 1.2.0
Spreecommerce Spree 1.3.0
Spreecommerce Spree 1.3.1
Spreecommerce Spree 1.3.2
Spreecommerce Spree 1.1.0
Spreecommerce Spree 1.1.2
Spreecommerce Spree 1.2.2
Spreecommerce Spree 1.2.4
NA
CVE-2013-7080
The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted...
Typo3 Typo3 6.0.6
Typo3 Typo3 6.0.7
Typo3 Typo3 6.0.4
Typo3 Typo3 6.0.5
Typo3 Typo3 6.0
Typo3 Typo3 6.0.1
Typo3 Typo3 6.0.8
Typo3 Typo3 6.0.9
Typo3 Typo3 6.0.2
Typo3 Typo3 6.0.3
Typo3 Typo3 6.0.10
Typo3 Typo3 6.0.11
Typo3 Typo3 4.5.29
Typo3 Typo3 4.5.30
Typo3 Typo3 4.5.13
Typo3 Typo3 4.5.14
Typo3 Typo3 4.5.15
Typo3 Typo3 4.5.21
Typo3 Typo3 4.5.22
Typo3 Typo3 4.5.4
Typo3 Typo3 4.5.5
Typo3 Typo3 4.5.28
Typo3 Typo3 4.5.11
Typo3 Typo3 4.5.12
Typo3 Typo3 4.5.2
Typo3 Typo3 4.5.20
Typo3 Typo3 4.5.27
Typo3 Typo3 4.5.3
Typo3 Typo3 4.5.31
Typo3 Typo3 4.5.0
Typo3 Typo3 4.5.16
Typo3 Typo3 4.5.17
Typo3 Typo3 4.5.23
Typo3 Typo3 4.5.24
Typo3 Typo3 4.5.6
Typo3 Typo3 4.5.7
Typo3 Typo3 4.5.1
Typo3 Typo3 4.5.10
Typo3 Typo3 4.5.18
Typo3 Typo3 4.5.19
Typo3 Typo3 4.5.25
Typo3 Typo3 4.5.26
Typo3 Typo3 4.5.8
Typo3 Typo3 4.5.9
Typo3 Typo3 4.7.12
Typo3 Typo3 4.7.13
Typo3 Typo3 4.7.3
Typo3 Typo3 4.7.4
Typo3 Typo3 4.7.10
Typo3 Typo3 4.7.14
Typo3 Typo3 4.7.15
Typo3 Typo3 4.7.5
Typo3 Typo3 4.7.6
Typo3 Typo3 4.7.11
Typo3 Typo3 4.7.1
Typo3 Typo3 4.7.2
Typo3 Typo3 4.7.9
Typo3 Typo3 4.7.16
Typo3 Typo3 4.7.0
Typo3 Typo3 4.7.7
Typo3 Typo3 4.7.8
NA
CVE-2008-7310
Spree 0.2.0 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the Order state value and bypass the intended payment step via a modified URL, related to a "mass assignment" vulnerability....
Spreecommerce Spree 0.2.0
NA
CVE-2012-2055
GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the public_key[user_id] value via a modified URL for the public-key update form, related to a "mass...
Github Github Enterprise
9.1
CVSSv3
CVE-2021-27582
org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment (aka Autobinding) vulnerability. This arises due to unsafe usage of the @ModelAttribute annotation during the OAuth...
Mitreid Connect
8.8
CVSSv3
CVE-2019-17605
A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate's account (by also exploiting CVE-2019-17604) via a modified candidate id and an additional password parameter. The outcome is that the password of this...
Eyecomms Eyecms
6.5
CVSSv3
CVE-2018-20301
An issue was discovered in Steve Pallen Coherence before 0.5.2 that is similar to a Mass Assignment vulnerability. In particular, "registration" endpoints (e.g., creating, editing, updating) allow users to update any coherence_fields data. For example, users can...
Coherence Project Coherence
NA
CVE-2014-3514
activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes create_with calls....
Rubyonrails Rails 4.0.0
Rubyonrails Rails 4.0.2
Rubyonrails Rails 4.0.3
Rubyonrails Rails 4.0.7
Rubyonrails Rails 4.1.0
Rubyonrails Rails 4.1.3
Rubyonrails Rails 4.1.4
Rubyonrails Rails 4.0.8
Rubyonrails Rails 4.0.1
Rubyonrails Rails 4.0.6
Rubyonrails Rails 4.1.2
Rubyonrails Rails 4.0.4
Rubyonrails Rails 4.0.5
Rubyonrails Rails 4.1.1
1 Github repository available
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-32034
CVE-2022-2285
IMAP
CVE-2021-26855
CVE-2022-32030
CVE-2022-26763
inject
CVE-2022-32039
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »