Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-26679

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-26 May, 2021 | 11:53
Updated At-04 Aug, 2024 | 15:56
Rejected At-
Credits

vFairs 3.3 is affected by Insecure Permissions. Any user logged in to a vFairs virtual conference or event can modify any other users profile information or profile picture. After receiving any user's unique identification number and their own, an HTTP POST request can be made update their profile description or supply a new profile image. This can lead to potential cross-site scripting attacks on any user, or upload malicious PHP webshells as "profile pictures." The user IDs can be easily determined by other responses from the API for an event or chat room.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:26 May, 2021 | 11:53
Updated At:04 Aug, 2024 | 15:56
Rejected At:
▼CVE Numbering Authority (CNA)

vFairs 3.3 is affected by Insecure Permissions. Any user logged in to a vFairs virtual conference or event can modify any other users profile information or profile picture. After receiving any user's unique identification number and their own, an HTTP POST request can be made update their profile description or supply a new profile image. This can lead to potential cross-site scripting attacks on any user, or upload malicious PHP webshells as "profile pictures." The user IDs can be easily determined by other responses from the API for an event or chat room.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://vfairs.com
x_refsource_MISC
https://api.vfairs.com/v1/profiles
x_refsource_MISC
https://api.vfairs.com/v1/profiles?access_key=
x_refsource_MISC
https://www.huntress.com/blog/zero-day-vulnerabilities-in-popular-event-management-platforms-could-leave-msps-open-to-attack
x_refsource_MISC
Hyperlink: http://vfairs.com
Resource:
x_refsource_MISC
Hyperlink: https://api.vfairs.com/v1/profiles
Resource:
x_refsource_MISC
Hyperlink: https://api.vfairs.com/v1/profiles?access_key=
Resource:
x_refsource_MISC
Hyperlink: https://www.huntress.com/blog/zero-day-vulnerabilities-in-popular-event-management-platforms-could-leave-msps-open-to-attack
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://vfairs.com
x_refsource_MISC
x_transferred
https://api.vfairs.com/v1/profiles
x_refsource_MISC
x_transferred
https://api.vfairs.com/v1/profiles?access_key=
x_refsource_MISC
x_transferred
https://www.huntress.com/blog/zero-day-vulnerabilities-in-popular-event-management-platforms-could-leave-msps-open-to-attack
x_refsource_MISC
x_transferred
Hyperlink: http://vfairs.com
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://api.vfairs.com/v1/profiles
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://api.vfairs.com/v1/profiles?access_key=
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.huntress.com/blog/zero-day-vulnerabilities-in-popular-event-management-platforms-could-leave-msps-open-to-attack
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:26 May, 2021 | 12:15
Updated At:12 Jul, 2022 | 17:42

vFairs 3.3 is affected by Insecure Permissions. Any user logged in to a vFairs virtual conference or event can modify any other users profile information or profile picture. After receiving any user's unique identification number and their own, an HTTP POST request can be made update their profile description or supply a new profile image. This can lead to potential cross-site scripting attacks on any user, or upload malicious PHP webshells as "profile pictures." The user IDs can be easily determined by other responses from the API for an event or chat room.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Primary2.04.0MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:N
Type: Primary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Type: Primary
Version: 2.0
Base score: 4.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:N/I:P/A:N
CPE Matches
vfairs
vfairs
>>vfairs>>3.3
cpe:2.3:a:vfairs:vfairs:3.3:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-639Primarynvd@nist.gov
CWE ID: CWE-639
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://vfairs.comcve@mitre.org
Vendor Advisory
https://api.vfairs.com/v1/profilescve@mitre.org
Vendor Advisory
https://api.vfairs.com/v1/profiles?access_key=cve@mitre.org
Vendor Advisory
https://www.huntress.com/blog/zero-day-vulnerabilities-in-popular-event-management-platforms-could-leave-msps-open-to-attackcve@mitre.org
Third Party Advisory
Hyperlink: http://vfairs.com
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://api.vfairs.com/v1/profiles
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://api.vfairs.com/v1/profiles?access_key=
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://www.huntress.com/blog/zero-day-vulnerabilities-in-popular-event-management-platforms-could-leave-msps-open-to-attack
Source: cve@mitre.org
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

160Records found
CVE-2026-6063
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 1.16%
||
7 Day CHG~0.00%
Published-14 May, 2026 | 05:34
Updated-16 May, 2026 | 03:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user with developer-role permissions to remove code owner approval rules from merge requests due to improper access control.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2025-3292
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 33.16%
||
7 Day CHG~0.00%
Published-12 Apr, 2025 | 06:37
Updated-08 Apr, 2026 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Password Update

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the user_registration_update_profile_details() due to missing validation on the 'user_id' user controlled key. This makes it possible for unauthenticated attackers to update other user's passwords, if they have access to the user ID and email.

Action-Not Available
Vendor-wpeverestwpeverest
Product-user_registration_\&_membershipUser Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2022-3282
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 34.88%
||
7 Day CHG~0.00%
Published-17 Oct, 2022 | 00:00
Updated-13 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Drag and Drop Multiple File Upload < 1.3.6.5 - File Upload Size Limit Bypass

The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 does not properly check for the upload size limit set in forms, taking the value from user input sent when submitting the form. As a result, attackers could control the file length limit and bypass the limit set by admins in the contact form.

Action-Not Available
Vendor-codedropzUnknown
Product-drag_and_drop_multiple_file_upload_-_contact_form_7Drag and Drop Multiple File Upload – Contact Form 7
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2022-30852
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.19% / 40.41%
||
7 Day CHG~0.00%
Published-08 Jul, 2022 | 11:10
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR).

Action-Not Available
Vendor-withknownn/a
Product-knownn/a
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2025-5182
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 38.49%
||
7 Day CHG~0.00%
Published-26 May, 2025 | 11:00
Updated-03 Jun, 2025 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Summer Pearl Group Vacation Rental Management Platform Listing authorization

A vulnerability has been found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1 and classified as critical. This vulnerability affects unknown code of the component Listing Handler. The manipulation leads to authorization bypass. The attack can be initiated remotely. Upgrading to version 1.0.2 is able to address this issue. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-summerpearlgroupSummer Pearl Group
Product-vacation_rental_management_platformVacation Rental Management Platform
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2025-26660
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 16.36%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 00:36
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Broken Access Control in SAP Fiori apps (Posting Library)

SAP Fiori applications using the posting library fail to properly configure security settings during the setup process, leaving them at default or inadequately defined. This vulnerability allows an attacker with low privileges to bypass access controls within the application, enabling them to potentially modify data. Confidentiality and Availability are not impacted.

Action-Not Available
Vendor-SAP SE
Product-SAP Fiori apps (Posting Library)
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2022-29434
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-1.58% / 81.77%
||
7 Day CHG~0.00%
Published-20 May, 2022 | 20:19
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Spiffy Calendar plugin <= 4.9.0 - Edit/Delete event via IDOR vulnerability

Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0 at WordPress allows an attacker to edit or delete events.

Action-Not Available
Vendor-spiffypluginsSpiffy Plugins
Product-spiffy_calendarSpiffy Calendar
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2022-27108
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 32.55%
||
7 Day CHG~0.00%
Published-06 Apr, 2022 | 14:40
Updated-03 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR) via the end point symfony/web/index.php/time/createTimesheet`. Any user can create a timesheet in another user's account.

Action-Not Available
Vendor-orangehrmn/a
Product-orangehrmn/a
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2022-0442
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.63%
||
7 Day CHG~0.00%
Published-07 Mar, 2022 | 08:16
Updated-02 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
UsersWP < 1.2.3.1 - Subscriber+ User Avatar Override

The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwrite another users avatar.

Action-Not Available
Vendor-ayecodeUnknown
Product-userswpUsersWP – User Registration & User Profile
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2021-46249
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 35.73%
||
7 Day CHG~0.00%
Published-15 Feb, 2022 | 22:13
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authorization bypass exploited by a user-controlled key in SpecificApps REST API in ScratchOAuth2 before commit d856dc704b2504cd3b92cf089fdd366dd40775d6 allows app owners to set flags that indicate whether an app is verified on their own apps.

Action-Not Available
Vendor-scratchoauth2_projectn/a
Product-scratchoauth2n/a
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found