Qulture.Rocks: Privilege escalation from member user (editor) to admin user

ID H1:827595
Type hackerone
Reporter pain45
Modified 2020-03-25T21:04:46


Qulture.Rocks has multiple levels of admins, where you could manage parts of the application. One of those levels had a wrong configuration, which did not block it from updating its level to a higher one.

Our team worked rapidly to fix this issue, blocking said level from updating itself.
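The class of misconfiguration summarized above, shown as an added example that is not Qulture.Rocks code: a level-change check that only asks whether the actor's level may edit levels, beside a server-side check that also bounds who is changed and to what. The level names, account ids, permission table and function names are all assumptions made for illustration.

```python
from enum import IntEnum


class Level(IntEnum):
    MEMBER = 1
    EDITOR = 2
    ADMIN = 3


# Hypothetical permission table: which levels may edit user levels at all.
CAN_EDIT_LEVELS = {Level.MEMBER: False, Level.EDITOR: True, Level.ADMIN: True}


def weak_allows(actor, target, new_level):
    """Misconfigured check: only asks whether the actor's level may edit levels."""
    return CAN_EDIT_LEVELS[actor["level"]]


def hardened_allows(actor, target, new_level):
    """Server-side check that also bounds who is changed and to what."""
    if not CAN_EDIT_LEVELS[actor["level"]]:
        return False
    if actor["id"] == target["id"]:
        return False  # no account changes its own level
    if target["level"] > actor["level"]:
        return False  # cannot modify a more privileged account
    return new_level <= actor["level"]  # cannot grant more than the actor holds


def escalations(requests):
    """Return the requests the weak check accepts but the hardened one rejects."""
    return [r for r in requests if weak_allows(*r) and not hardened_allows(*r)]


# Constructed sample accounts and level-change requests (actor, target, new level).
EDITOR = {"id": 7, "level": Level.EDITOR}
MEMBER = {"id": 8, "level": Level.MEMBER}
ADMIN = {"id": 1, "level": Level.ADMIN}
REQUESTS = [
    (EDITOR, EDITOR, Level.ADMIN),   # editor raises its own level
    (EDITOR, MEMBER, Level.ADMIN),   # editor grants a level above its own
    (EDITOR, MEMBER, Level.EDITOR),  # within the editor's own level
    (ADMIN, MEMBER, Level.EDITOR),   # ordinary admin action
]

if __name__ == "__main__":
    for actor, target, new in escalations(REQUESTS):
        print(f"rejected: user {actor['id']} -> user {target['id']} as {new.name}")
```

Running `escalations` over recorded level-change requests is also a quick way to audit past changes for ones the stricter rule would have refused.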