CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-3749 – SP Project & Document Manager <= 4.71 - Subscriber+ File Download via IDOR
https://notcve.org/view.php?id=CVE-2024-3749
The SP Project & Document Manager WordPress plugin through 4.71 lacks proper access controllers and allows a logged in user to view and download files belonging to another user El complemento SP Project & Document Manager de WordPress hasta la versión 4.71 carece de controladores de acceso adecuados y permite que un usuario que haya iniciado sesión vea y descargue archivos que pertenecen a otro usuario. The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.71 via the cdm_file_list AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view and download other user's files. • https://wpscan.com/vulnerability/d14bb16e-ce1d-4c31-8791-bc63174897c0 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-3748 – SP Project & Document Manager <= 4.71 - Data Update via IDOR
https://notcve.org/view.php?id=CVE-2024-3748
The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the `user_id` to make it appear that a file was uploaded by another user El complemento SP Project & Document Manager de WordPress hasta la versión 4.71 le falta validación en su función de carga, lo que permite al usuario manipular el `user_id` para que parezca que un archivo fue subido por otro usuario. The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.71 via the sp_cdm_link_save_embed AJAX action to missing validation on the 'user_id' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload files that look like they were uploaded by another user. • https://wpscan.com/vulnerability/01427cfb-5c51-4524-9b9d-e09a603bc34c • CWE-639: Authorization Bypass Through User-Controlled Key •