| Title | LinkStackOrg LinkStack 4.8.6 Authorization Bypass |
|---|---|
| Description | The application accepts user-supplied link IDs in multiple endpoints without verifying that the authenticated user owns the referenced link, allowing any registered user to modify, reorder, or delete resources belonging to other users. The pull request with the fix: https://github.com/LinkStackOrg/LinkStack/pull/975/changes |
| Source | https://github.com/az10b/security-advisories/blob/main/idor_linkstack.md |
| User | AliAz (UID 74624) |
| Submission | 10/04/2026 07:05 AM (2 months ago) |
| Moderation | 30/04/2026 04:38 PM (20 days later) |
| Status | Accepted |
| VulDB entry | 360312 [LinkStackOrg LinkStack up to 4.8.6 Management Endpoint UserController.php saveLink authorization bypass] |
| Points | 19 |