2024-10-11 00:00:00
mitre
PUBLISHED
Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change usernames via sending a crafted roomAction request to the server.