2023-10-26 16:19:41
icscert
PUBLISHED
The application suffers from improper access control when editing users. A user with read permissions can manipulate users, passwords, and permissions by sending a single HTTP POST request with modified parameters.