CVE-2025-65032
Rallly is affected by an Insecure Direct Object Reference (IDOR) vulnerability in the Participant Display Name Modification feature. Prior to version 4.5.4, any authenticated user could change another participant’s display name by manipulating the participantId parameter in a rename request, comp...