Description
Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs User Profile Picture metronet-profile-picture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Profile Picture: from n/a through <= 2.6.3.
Problem types
Authorization Bypass Through User-Controlled Key
Product status
Any version
Credits
Ananda Dhakal (Patchstack)
References
patchstack.com/...ct-references-idor-vulnerability?_s_id=cve