Grav vulnerable to Information Disclosure via IDOR in Grav Admin Panel
Summary An IDOR Insecure Direct Object Reference vulnerability in the Grav CMS Admin Panel allows low-privilege users to access sensitive information from other accounts. Although direct account takeover is not possible, admin email addresses and other metadata can be exposed, increasing the risk...