2 results (0.004 seconds)
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40530
https://notcve.org/view.php?id=CVE-2024-40530
05 Aug 2024 — A vulnerability in Pantera CRM versions 401.152 and 402.072 allows unauthorized attackers to bypass IP-based access controls by manipulating the X-Forwarded-For header. • https://critical.lt/blog/authorization-bypass-and-mass-assignment-in-pantera-crm •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-40531
https://notcve.org/view.php?id=CVE-2024-40531
05 Aug 2024 — A mass assignment vulnerability exists in Pantera CRM versions 401.152 and 402.072. This flaw allows authenticated users to modify any user attribute, including roles, by injecting additional parameters via profile management functions. • https://critical.lt/blog/authorization-bypass-and-mass-assignment-in-pantera-crm •