| Title | LinkStackOrg LinkStack 4.8.6 Authorization Bypass |
|---|---|
| Description | The application accepts user-supplied link IDs in multiple endpoints without verifying that the authenticated user owns the referenced link, allowing any registered user to modify, reorder, or delete resources belonging to other users. The pull request with the fix: https://github.com/LinkStackOrg/LinkStack/pull/975/changes |
| Source | https://github.com/az10b/security-advisories/blob/main/idor_linkstack.md |
| User | AliAz (UID 74624) |
| Submission | 2026-04-10 07:05 (2 months ago) |
| Moderation | 2026-04-30 16:38 (20 days later) |
| Status | Accepted |
| VulDB entry | 360312 [LinkStackOrg LinkStack up to 4.8.6 Management Endpoint UserController.php saveLink privilege escalation] |
| Points | 19 |