Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows remote authenticated users to execute actions that should only be available for administrative roles, as demonstrated by an action=createVoucher request to agents.php.
CPE | Name | Operator | Version |
---|---|---|---|
hashtopussy | eq | 0.2.0-rc1 | |
hashtopussy | eq | 0.3.1 | |
hashtopussy | eq | 0.2.0 | |
hashtopussy | eq | 0.3.0 | |
hashtopussy | eq | 0.2.0-beta | |
hashtopussy | eq | 0.3.2 | |
hashtopussy | eq | 0.4.0 |