wallabag/wallabag is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to improper authentication checks in the addTagFormAction function of TagController.php, which allows an admin-authenticated remote attacker to add tags and gain direct access to objects in the internal database.

CPE Name | Operator | Version |
---|---|---|
wallabag/wallabag | le | 2.5.3 |