GHSA-RR73-568V-28F8 Grav Vulnerable to Administrative Account Disruption and Privilege De-escalation via User Overwrite Logic
Summary A business logic vulnerability in the Grav Admin Panel allows a low-privileged user with only user creation permissions to overwrite existing accounts, including the primary administrator. By creating a new user with a username that already exists, the system updates the existing account'...