Craft CMS Vulnerable to Privilege Escalation/Bypass through UsersController->actionImpersonateWithToken()

Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.6 and from version 5.0.0-RC1 to before version 5.9.12, a low-privilege user (or an unauthenticated user who has been sent a shared URL) can escalate their privileges to admin by abusing UsersController->actionImpersonateWithToken. This issue has been patched in versions 4.17.6 and 5.9.12.

N/A

授权机制不正确

Craft CMS 安全漏洞

Craft CMS是Craft CMS开源的一套内容管理系统（CMS）。 Craft CMS 4.0.0-RC1至4.17.6之前版本和5.0.0-RC1至5.9.12之前版本存在安全漏洞，该漏洞源于低权限用户或收到共享链接的未经验证用户可能滥用UsersController->actionImpersonateWithToken提升权限至管理员。

N/A

N/A