Publify versions 9.0.0.pre1 through 9.2.4 are vulnerable to Improper Access Control. Users with the “guest” role can self-register even when the admin does not allow it. This happens because the restriction is enforced only in the front end.
The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Publify | Publify_project | 9.0.0 (including) | 9.2.4 (including) |
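
The difference between a front-end-only restriction and a server-side one, as an added example that is not Publify's code: a constructed plain-Ruby model in which `Settings`, `render_login_page`, `signup_client_only`, `signup_enforced` and `direct_request` are all hypothetical names.

```ruby
# Constructed model of a sign-up flow; not Publify's code.
# All names here are hypothetical and chosen for illustration.
Settings = Struct.new(:allow_signup)

# Front end: the sign-up link is hidden when registration is disabled.
# In the front-end-only case this is the sole control.
def render_login_page(settings)
  links = ["Sign in"]
  links << "Sign up" if settings.allow_signup
  links
end

# Weak handler: assumes it is only reached when the link was rendered,
# so it never consults the setting.
def signup_client_only(_settings, users, params)
  users << { login: params[:login], role: "guest" }
  { status: 302, location: "/admin" }
end

# Hardened handler: re-checks the admin's setting on every request,
# regardless of what the page displayed.
def signup_enforced(settings, users, params)
  unless settings.allow_signup
    return { status: 403, body: "Registration is disabled" }
  end
  users << { login: params[:login], role: "guest" }
  { status: 302, location: "/admin" }
end

# Sends one request straight to a handler, bypassing the rendered page.
# Returns [HTTP status, number of accounts created].
def direct_request(handler, allow_signup)
  settings = Settings.new(allow_signup)
  users = []
  response = method(handler).call(settings, users, { login: "newuser" })
  [response[:status], users.length]
end

if __FILE__ == $PROGRAM_NAME
  puts "links shown:  #{render_login_page(Settings.new(false)).inspect}"
  puts "client-only:  #{direct_request(:signup_client_only, false).inspect}"
  puts "enforced:     #{direct_request(:signup_enforced, false).inspect}"
end
```

In a Rails application the equivalent of the hardened handler's check would normally live in a controller `before_action`, so that both the form and the create action are covered.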