2 matches found
CVE-2024-32003 Dusk plugin may allow unfettered user authentication in misconfigured installs
wn-dusk-plugin Dusk plugin is a plugin which integrates Laravel Dusk browser testing into Winter CMS. The Dusk plugin provides some special routes as part of its testing framework to allow a browser environment such as headless Chrome to act as a user in the Backend or User plugin without having ...
Multiple Registration - Critical - Access bypass - SA-CONTRIB-2019-048
This module enables you to use special routes for user registration with special roles and custom field sets defined for the role. The module doesn't sufficiently check which user roles can be registered under the scenario when the user tries to register the user with the administrator role. This...