N/A

Primakon Pi Portal 1.0.18 /api/v2/users endpoint is vulnerable to unauthorized data exposure due to deficient access control mechanisms. Any authenticated user, regardless of their privilege level (including standard or low-privileged users), can make a GET request to this endpoint and retrieve a complete, unfiltered list of all registered application users. Crucially, the API response body for this endpoint includes password hashes.

N/A

N/A

Primakon Pi Portal 安全漏洞

Primakon Pi Portal是克罗地亚Primakon公司的一个项目、合同管理平台。 Primakon Pi Portal 1.0.18版本存在安全漏洞，该漏洞源于/api/v2/users端点访问控制不足，可能导致未经授权的数据泄露。

N/A

N/A