Primakon Pi Portal User Data Access Vulnerability via Email Parameter Manipulation

Vulnerability

A vulnerability in the Primakon Pi Portal version 1.0.18 allows for unauthorized access to user data through the manipulation of the email parameter in the /api/V2/pp_users endpoint. The lack of proper server-side validation enables an attacker to impersonate another user and access their data and privileges. Additionally, leaving the email parameter blank defaults to the first user in the list, usually the administrator, leading to unauthorized privilege escalation.

Impact

Exploitation of this vulnerability allows for account takeover by accessing another user's data and privileges. If the email parameter is left blank, the first user in the list, typically the administrator, is accessed, resulting in privilege escalation to the highest level.

Added: Nov 25, 2025, 6:19 PM

Updated: Nov 25, 2025, 10:39 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.2

remediation

0.0

relevance

1.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.2

remediation

0.0

relevance

1.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Primakon Pi Portal User Data Access Vulnerability via Email Parameter Manipulation

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating