GHSA-5RMX-256W-8MJ9 WireGuard Portal is Vulnerable to Privilege Escalation via User Self-Update to Admin Level
Privilege Escalation to Admin via User Self-Update in wg-portal Summary Any authenticated non-admin user can become a full administrator by sending a single PUT request to their own user profile endpoint with "IsAdmin": true in the JSON body. After logging out and back in, the session picks up...