publify_core is vulnerable to business logic errors. The vulnerability exists in update_params
function of content_controller.rb
because the password field present in the form is not accepted by the controller which allows an attacker to exploit this flaw since the article is always public.
CPE | Name | Operator | Version |
---|---|---|---|
publify_core | le | 9.2.6 | |
publify_core | le | 9.2.6 |