| Title | LinkStackOrg LinkStack 4.8.6 Authorization Bypass |
|---|---|
| Description | The application accepts user-supplied link IDs in multiple endpoints without verifying that the authenticated user owns the referenced link, allowing any registered user to modify, reorder, or delete resources belonging to other users. The pull request with the fix: https://github.com/LinkStackOrg/LinkStack/pull/975/changes |
| Source | https://github.com/az10b/security-advisories/blob/main/idor_linkstack.md |
| User | AliAz (UID 74624) |
| Submission | 2026-04-10 07:05 AM (2 months ago) |
| Moderation | 2026-04-30 04:38 PM (20 days later) |
| Status | Accepted |
| VulDB entry | 360312 [LinkStackOrg LinkStack up to 4.8.6 Management Endpoint UserController.php saveLink privilege escalation] |
| Points | 19 |