Enjin Program Statistics


11 total issues disclosed

$1,950 total paid publicly

Most disclosed (3 disclosures) — Improper Access Control - Generic



Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| Unauthenticated File Upload to CDN | Improper Access Control - Generic | ph0r3nsic | Medium | 2026-05-18 |
| Unauthenticated GraphQL access by prepending __schema to private operations | Authentication Bypass | pwnie | Medium | 2025-12-05 |
| Host header injection leads to account takeover | Improper Neutralization of HTTP Headers for Scripting Syntax | ndizon_ | High | 2024-10-15 |
| Race Condition on Create API Function | Leveraging Race Conditions | mosalah1102 | None | 2024-10-15 |
| Cloudflare /cdn-cgi/ path allows resizing images from unauthorised sources on enjinusercontent.com | Code Injection | 19whoami19 | Low | 2024-06-19 |
| Lack of Tenant Scoping Enables Limited Cross-Tenant Data Querying and Mutation | Improper Access Control - Generic | tushar_rec0n | Critical | 2024-01-25 |
| Weak Email Verification: Newly Registered Users Can Bypass Email Verification Step and Log In | Improper Authentication - Generic | alpernae | Medium | 2024-01-19 |
| Revocation API Token by Bypassing The XSRF Token | Cross-Site Request Forgery (CSRF) | alpernae | Critical | 2024-01-19 |
| Authentication token and CSRF token bypass | Improper Access Control - Generic | whiteshadow201 | High | 2022-06-19 |
| CSRF Bypassed on Logout Endpoint | Cross-Site Request Forgery (CSRF) | er_salil | Low | 2022-06-17 |
| Race condition via project team member invitation system. | Business Logic Errors | akashhamal0x01 | Low | 2022-06-17 |