GHSA-3h94-x92g-h9g5HighCVSS 8.1
Missing Authorization in the server management routes (routes/admin.php) in Azuriom Azuriom CMS...
🔗 CVE IDs covered (1)
📋 Description
Missing Authorization in the server management routes (routes/admin.php) in Azuriom Azuriom CMS before 1.2.11 on all platforms allows an authenticated attacker with the admin.access permission to create AzLink server tokens and take over non-admin user accounts by changing their passwords and email addresses via crafted HTTP requests to /admin/servers/create and the AzLink API endpoints (/api/azlink/password, /api/azlink/email, /api/azlink/user/{id}).