| शीर्षक | LinkStackOrg LinkStack 4.8.6 Authorization Bypass |
|---|
| विवरण | The application accepts user-supplied link IDs in multiple endpoints without verifying that the authenticated user owns the referenced link, allowing any registered user to modify, reorder, or delete resources belonging to other users. The pull request with the fix https://github.com/LinkStackOrg/LinkStack/pull/975/changes
|
|---|
| स्रोत | ⚠️ https://github.com/az10b/security-advisories/blob/main/idor_linkstack.md |
|---|
| उपयोगकर्ता | AliAz (UID 74624) |
|---|
| सबमिशन | 10/04/2026 07:05 AM (2 महीनों पहले) |
|---|
| संयम | 30/04/2026 04:38 PM (20 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 360312 [LinkStackOrg LinkStack तक 4.8.6 Management Endpoint UserController.php saveLink अधिकार वृद्धि] |
|---|
| अंक | 19 |
|---|