2026-02-10 05:52:35
Axis
PUBLISHED
An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions.