Medium
CVSS: 5.3
A vulnerability was determined in Sismics Teedy up to 1.11. This affects an unknown function of the file /api/file of the component API Endpoint. Executing a manipulation can lead to improper access controls. The attack may be performed fro…
Critical
CVSS: 9.8
When the LDAP connection is activated in Teedy versions between 1.9 and 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker is then able to perform v…
High
CVSS: 8.8
Teedy
High
CVSS: 7.5
Teedy through 1.11 allows CSRF for account takeover via POST /api/user/admin.