| عنوان | Wekan <8.20 IDOR in setCreateTranslation. Non-admin could change Custom Tran |
|---|
| الوصف | Non-admin users could delete or modify custom translations by invoking translation operations without an admin check. The fix routes deletion through a server method and adds explicit admin authorization checks for translation modification paths. |
|---|
| المصدر | ⚠️ https://github.com/wekan/wekan/commit/f244a43771f6ebf40218b83b9f46dba6b940d7de |
|---|
| المستخدم | MegaManSec (UID 94702) |
|---|
| ارسال | 04/02/2026 06:32 PM (3 أشهر منذ) |
|---|
| الاعتدال | 08/02/2026 02:14 AM (3 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 344923 [WeKan حتى 8.18 Custom Translation translationBody.js setCreateTranslation تجاوز الصلاحيات] |
|---|
| النقاط | 16 |
|---|