| Title | LinkStackOrg LinkStack 4.8.6 Authorization Bypass |
|---|---|
| Description | The application accepts user-supplied link IDs in multiple endpoints without verifying that the authenticated user owns the referenced link, allowing any registered user to modify, reorder, or delete resources belonging to other users. The pull request with the fix: https://github.com/LinkStackOrg/LinkStack/pull/975/changes |
| Source | https://github.com/az10b/security-advisories/blob/main/idor_linkstack.md |
| User | AliAz (UID 74624) |
| Submission | 10.04.2026 07:05 (2 months ago) |
| Moderation | 30.04.2026 16:38 (20 days later) |
| Status | accepted |
| VulDB entry | 360312 [LinkStackOrg LinkStack up to 4.8.6 Management Endpoint UserController.php saveLink privilege escalation] |
| Points | 19 |