CVE-2017-15052
CVE-2017-15052 affects TeamPass prior to 2.1.27.9. An authenticated manager can bypass access control in requests to delete or modify users via users.queries.php by tampering parameters (e.g., changing the id in delete_user). The root cause is improper enforcement of manager-level permissions, al...