GHSA-2XFC-G69J-X2MP Craft CMS: Entries Authorship Spoofing via Mass Assignment
Description The entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permission can inject the authorIds or authorId parameter into the POST request, which the backend processes without verifying if the current user is authorized to assign...