4 matches found
CVE-2026-35173
Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, an IDOR / Mass Assignment issue exists in the Post model that allows authenticated users with post editing permissions Edit Post, Edit Draft, Edit Own Post, Edit Own Draft to modify posts they do not own and do not have...
CVE-2026-35173 Chyrp Lite has an IDOR via Mass Assignment in Post Model
Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, an IDOR / Mass Assignment issue exists in the Post model that allows authenticated users with post editing permissions Edit Post, Edit Draft, Edit Own Post, Edit Own Draft to modify posts they do not own and do not have...
CVE-2026-35173
Summary of CVE-2026-35173 (Chyrp Lite): Before 2026.01, the Post model vulnerable to an IDOR/mass assignment flaw allows authenticated users with post-edit permissions (Edit Post, Edit Draft, Edit Own Post, Edit Own Draft) to modify posts they do not own. Attacker can inject internal class proper...
chyrp-lite 安全漏洞
Chyrp-Lite is a self-hosted blog and website platform developed by Daniel Pimley. Versions of Chyrp-Lite prior to version 2026.01 contained security vulnerabilities. These vulnerabilities stemmed from insecure direct object references or bulk assignment issues in the Post model, which could lead ...