In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade snipe/snipe-it to version 8.6.2 or higher.
snipe/snipe-it is an asset management system built on Laravel.
Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') through the Accessory model mass assignment process. An attacker can manipulate inventory records of other tenants by supplying a crafted company_id value in the API request body. This is only exploitable if Full Multiple Companies Support (FMCS) is enabled.