Versions prior to 1.2.4 are affected. The issue was fixed in version 1.2.5.
The authentication process checks the cookies to see if the user has a given role. The user and role defined in the cookie are not validated during this process. An attacker can add a cookie (shown below) in order to bypass ...
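The unvalidated role check described above, next to a validated form, as an added example that is not code from the advisory or the affected project. The cookie names `user`, `role` and `sig`, the key and the sample values are assumptions, and the HMAC tag is one possible fix, not necessarily the one shipped in 1.2.5.

```python
import hashlib
import hmac

# Hypothetical server-side secret; in practice load it from protected configuration.
SERVER_KEY = b"constructed-demo-key-not-for-production"


def sign(user: str, role: str, key: bytes = SERVER_KEY) -> str:
    """Return a hex HMAC-SHA256 tag binding the user to the role."""
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(len(p).to_bytes(4, "big") + p
                   for p in (user.encode(), role.encode()))
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def has_role_unvalidated(cookies: dict, required: str) -> bool:
    """The flawed pattern: the role is read from the cookie and believed."""
    return cookies.get("role") == required


def has_role_validated(cookies: dict, required: str, key: bytes = SERVER_KEY) -> bool:
    """Accept the role only if the server-issued tag matches user and role."""
    user, role, tag = cookies.get("user"), cookies.get("role"), cookies.get("sig")
    if not (isinstance(user, str) and isinstance(role, str) and isinstance(tag, str)):
        return False  # a missing or malformed field fails closed
    expected = sign(user, role, key).encode()
    if not hmac.compare_digest(expected, tag.encode()):  # constant-time compare
        return False
    return role == required


# Constructed sample cookies (not taken from the advisory).
ISSUED = {"user": "alice", "role": "viewer", "sig": sign("alice", "viewer")}
CLIENT_EDITED = dict(ISSUED, role="admin")   # role changed, tag left as issued
NO_TAG = {"user": "alice", "role": "admin"}  # cookie supplied without any tag

if __name__ == "__main__":
    for name, c in [("issued", ISSUED), ("edited", CLIENT_EDITED), ("no tag", NO_TAG)]:
        print(name, has_role_unvalidated(c, "admin"), has_role_validated(c, "admin"))
```

Keeping the role in a server-side session record keyed by an opaque session identifier avoids placing the role in the cookie at all.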