Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-38638 | 1 Casbin | 1 Casdoor | 2023-08-08 | N/A | 9.1 CRITICAL |
| Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource. | |||||
| CVE-2023-34927 | 1 Casbin | 1 Casdoor | 2023-06-28 | N/A | 6.5 MEDIUM |
| Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user's password via supplying a crafted URL. | |||||
| CVE-2022-44942 | 1 Casbin | 1 Casdoor | 2022-12-08 | N/A | 8.1 HIGH |
| Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function. | |||||
| CVE-2022-24124 | 1 Casbin | 1 Casdoor | 2022-04-05 | 5.0 MEDIUM | 7.5 HIGH |
| The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations. | |||||