exploitDog

GHSA-pc82-888m-pq3g

Опубликовано: 13 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 6.5

Описание

Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter.

Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter.

Ссылки

EPSS

Процентиль: 31%

0.00119

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-863

Связанные уязвимости

CVE-2018-8927

CVSS3: 5.4

nvd

больше 7 лет назад

Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter.

EPSS

Процентиль: 31%

0.00119

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-863