📦 Project Contract Management

Primakon Pi Portal 1.0.18 has an insecure direct object reference vulnerability in its /api/v2/pp_users endpoint that allows any authenticated user to escalate privileges to administrator. This affect...

This vulnerability allows any authenticated low-privileged user in Primakon Pi Portal to impersonate any other user, including administrators, by exploiting broken authorization in the user impersonat...

Primakon Pi Portal 1.0.18 has a broken access control vulnerability in its user registration endpoint that allows unauthenticated attackers to create new user accounts in the local database. This bypa...

Primakon Pi Portal 1.0.18's /api/v2/users endpoint lacks proper access controls, allowing any authenticated user to retrieve a complete list of all registered users including their password hashes. Th...