Znuny Arbitrary User Preference Injection Vulnerability via Custom AJAX Calls

Vulnerability

A vulnerability exists in Znuny versions through 6.5.14 and 7.x through 7.1.6, allowing arbitrary user preferences to be set via custom AJAX calls to the AgentPreferences UpdateAJAX subaction. The injected keys and values are retrieved in their entirety when user data is fetched through GetUserData. This data can then be passed to other function calls, potentially impacting permissions or other settings.
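
The following is an added, constructed illustration of the mechanism described above; it is not Znuny's code, and the names REGISTERED_PREFERENCES, update_preference_vulnerable, update_preference_hardened, get_user_data and audit_unregistered_keys are assumptions made for this example. It contrasts a preference-update handler that stores whatever key the client sends with one that only accepts keys registered by the application's preference configuration, shows how a stored key reaches the merged user record the way the advisory describes for GetUserData, and includes an audit helper a defender can run over stored preferences to find keys that no module registered.

```python
"""Toy model of a preference-update endpoint and the allowlist fix.

Constructed example, not Znuny code. The preference set below is a
sample; in a real deployment it would come from the application's
preference configuration, never from the request.
"""

# Preference keys the application's own preference modules register
# (constructed sample set).
REGISTERED_PREFERENCES = {"UserLanguage", "UserTheme", "UserSkin", "OutOfOffice"}


def update_preference_vulnerable(prefs: dict, key: str, value: str) -> bool:
    """Mirrors the defect: the Key/Value pair from the request is stored as-is."""
    prefs[key] = value
    return True


def update_preference_hardened(prefs: dict, key: str, value: str) -> bool:
    """Only keys registered by a preference module may be written."""
    if key not in REGISTERED_PREFERENCES:
        return False
    prefs[key] = value
    return True


def get_user_data(user: dict, prefs: dict) -> dict:
    """Return the user record with every stored preference merged in,
    the retrieval pattern the advisory describes: injected keys travel
    along with legitimate ones and can even shadow core fields."""
    data = dict(user)
    data.update(prefs)
    return data


def audit_unregistered_keys(prefs: dict) -> list:
    """Detection/cleanup aid: list stored keys outside the registered set."""
    return sorted(k for k in prefs if k not in REGISTERED_PREFERENCES)


def demo() -> dict:
    """Run both handlers on the same requests and report what each allowed."""
    user = {"UserID": 42, "UserLogin": "agent1"}  # constructed user record

    # Vulnerable path: a registered key and an arbitrary, unregistered one
    # (placeholder name) are both accepted and both surface in user data.
    vuln_prefs: dict = {}
    update_preference_vulnerable(vuln_prefs, "UserLanguage", "de")
    update_preference_vulnerable(vuln_prefs, "InternalFlag", "1")
    vuln_data = get_user_data(user, vuln_prefs)

    # Hardened path: only the registered key is stored.
    hard_prefs: dict = {}
    accepted = update_preference_hardened(hard_prefs, "UserLanguage", "de")
    rejected = update_preference_hardened(hard_prefs, "InternalFlag", "1")
    hard_data = get_user_data(user, hard_prefs)

    return {
        "vulnerable_exposes_key": "InternalFlag" in vuln_data,
        "hardened_accepts_registered": accepted,
        "hardened_rejects_unregistered": (not rejected) and "InternalFlag" not in hard_data,
        "audit_findings": audit_unregistered_keys(vuln_prefs),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The allowlist is the minimum fix; a production handler should also hand the value to the registered preference module's own validation rather than storing raw request input. The audit helper is useful after patching, since preferences written before the fix remain in the database until they are removed.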

Impact

Exploitation of this vulnerability could lead to unauthorized modification of user preferences, which may be used to manipulate permissions or other settings within the application.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

metric          score
spread          1.9
impact          0.6
exploitability  7.4
remediation     0.0
relevance       0.0
threat          0.0
urgency         2.9
incentive       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.