2 matches found
CVE-2021-43835 Privilege escalation in the Sulu Admin panel
Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions Sulu users who have access to any subset of the admin UI are able to elevate their privilege. Over the API it was possible for them to give themselves permissions to areas which they did not...
CVE-2021-43835
CVE-2021-43835 concerns Sulu CMS (PHP, Symfony) where users with access to any admin UI subset can elevate privileges. The issue stems from the ProfileController putAction introduced in 2.0.0-RC1, enabling a user to grant themselves permissions to areas they should not access. Affected versions i...