2 matches found
CVE-2025-55736
flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, an arbitrary user can change his role to "admin", giving its relative privileges e.g. delete users, posts, comments etc.. The problem is in the routes/adminPanelUsers file...
CVE-2025-55736
CVE-2025-55736 affects flaskBlog up to version 2.8.0 (and earlier). The root cause is in the routes/adminPanelUsers file, where an arbitrary user can elevate their role to admin , gaining high-privilege capabilities (e.g., delete users, posts, comments). Connected sources confirm the affected sof...