Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id parameter.
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an...
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user.
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user.
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user.
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description.
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user.