ProfileGrid – User Profiles, Groups and Communities: Product Vulnerability List / CVE Analysis in Chinese (20)

20 vulnerabilities related to the ProfileGrid – User Profiles, Groups and Communities product, with AI-generated Chinese titles and summaries, CVSS scores, and POCs collected in one place.

Vendor: metagauss

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-2488 | ProfileGrid <= 5.9.8.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion | CWE-862 | 4.3 | Medium | 2026-03-07 |
| CVE-2026-2494 | ProfileGrid <= 5.9.8.2 - Cross-Site Request Forgery to Group Membership Request Approval/Denial | CWE-352 | 4.3 | Medium | 2026-03-07 |
| CVE-2026-1271 | ProfileGrid <= 5.9.7.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Profile and Cover Image Modification | CWE-639 | 5.3 | Medium | 2026-02-05 |
| CVE-2025-13416 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.7.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Suspension | CWE-862 | 4.3 | Medium | 2026-02-05 |
| CVE-2025-6977 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.5.4 - Reflected Cross-Site Scripting via 'pm_get_messenger_notification' function | CWE-79 | 6.1 | Medium | 2025-07-16 |
| CVE-2025-1408 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.4 - Missing Authorization to Authenticated (Subscriber+) Join Group Requests Management | CWE-862 | 4.3 | Medium | 2025-03-22 |
| CVE-2025-0724 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.5 - Authenticated (Subscriber+) PHP Object Injection | CWE-502 | 8.8 | High | 2025-03-22 |
| CVE-2025-0723 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.7 - Authenticated (Subscriber+) SQL Injection | CWE-89 | 6.5 | Medium | 2025-03-22 |
| CVE-2024-13740 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Private Messages Disclosure | CWE-639 | 4.3 | Medium | 2025-02-18 |
| CVE-2024-13741 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Authenticated (Subscriber+) Limited Server-Side Request Forgery | CWE-918 | 5.4 | Medium | 2025-02-18 |
| CVE-2024-10900 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.3.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Meta Deletion | CWE-862 | 6.5 | Medium | 2024-11-20 |
| CVE-2024-8861 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | CWE-79 | 6.4 | Medium | 2024-09-26 |
| CVE-2024-6410 | ProfileGrid <= 5.8.9 - Authenticated (Subscriber+) Insecure Direct Object Reference | CWE-639 | 4.3 | Medium | 2024-07-10 |
| CVE-2024-6411 | ProfileGrid – User Profiles, Groups and Communities <= 5.8.9 - Authenticated (Subscriber+) Authorization Bypass to Privilege Escalation | CWE-269 | 8.8 | High | 2024-07-10 |
| CVE-2024-5453 | ProfileGrid <= 5.8.6 - Missing Authorization | CWE-862 | 4.3 | Medium | 2024-06-05 |
| CVE-2024-3606 | ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.8.3 - Missing Authorization | CWE-862 | 4.3 | Medium | 2024-05-02 |
| CVE-2023-3404 | ProfileGrid <= 5.5.0 - Hardcoded Encryption Key | CWE-321 | 4.9 | Medium | 2023-08-31 |
| CVE-2023-3714 | ProfileGrid <= 5.5.2 - Missing Authorization to Arbitrary Group Option Modification and Privilege Escalation | CWE-862 | 7.5 | High | 2023-07-18 |
| CVE-2023-3403 | ProfileGrid <= 5.5.1 - Missing Authorization to User Import | CWE-862 | 5.4 | Medium | 2023-07-18 |
| CVE-2023-3713 | ProfileGrid <= 5.5.1 - Authenticated (Subscriber+) Arbitrary Option Update | CWE-862 | 8.8 | High | 2023-07-18 |

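A total of 20 CVE vulnerabilities have been publicly disclosed for the ProfileGrid – User Profiles, Groups and Communities product. This page provides the complete list in reverse chronological order, including CVSS, CWE, AI-generated Chinese summaries, and available POC links.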