Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the adminorownerrequired function in avatarview.py. An attacker can alter other users' profile images by sending crafted requests while authenticated with standard user privileges...