In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin does not allow. This happens due to front-end restriction only.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Mend

Published: 2021-11-02T06:55:09

Updated: 2024-08-03T20:19:19.019Z

Reserved: 2021-01-22T00:00:00

Link: CVE-2021-25973

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-11-02T07:15:07.053

Modified: 2024-11-21T05:55:42.540

Link: CVE-2021-25973

cve-icon Redhat

No data.