Galette is a membership management web application for nonprofit organizations. Prior to version 1.2.0, a user who updates any existing account with a self-forged POST request can gain higher privileges. Version 1.2.0 fixes the issue.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
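
The following is an added example, not code from Galette and not its 1.2.0 fix: a server-side check for the weakness class described above, where the fields accepted by an account update are decided by the actor's role rather than by what the POST body contains. The advisory does not describe Galette's parameters, so the field names, the `filterAccountUpdate` helper and the sample request are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical field names; the advisory does not list Galette's real ones.
const PROFILE_FIELDS   = ['name', 'email', 'address'];
const PRIVILEGE_FIELDS = ['is_admin', 'is_staff', 'groups'];

/**
 * Decide which submitted fields an actor may change on a target account.
 * Returns [accepted changes, rejected field names].
 */
function filterAccountUpdate(array $actor, array $target, array $post): array
{
    $isAdmin = !empty($actor['is_admin']);
    $isSelf  = $actor['id'] === $target['id'];

    // Authorization on the target: only the owner or an admin may edit it.
    if (!$isSelf && !$isAdmin) {
        throw new RuntimeException('actor may not edit this account');
    }

    // Start from an allowlist; privilege-bearing fields are added only when
    // the actor's server-side session (never the request body) says admin.
    $allowed = PROFILE_FIELDS;
    if ($isAdmin) {
        $allowed = array_merge($allowed, PRIVILEGE_FIELDS);
    }

    $accepted = array_intersect_key($post, array_flip($allowed));
    $rejected = array_keys(array_diff_key($post, $accepted));
    return [$accepted, $rejected];
}

// Constructed sample: a regular member submits a hand-built POST body
// that carries a privilege field next to a legitimate profile change.
$member = ['id' => 42, 'is_admin' => false];
$post   = ['email' => 'member@example.org', 'is_admin' => '1'];

[$changes, $rejected] = filterAccountUpdate($member, $member, $post);

// Only $changes is passed on to storage. Rejected privilege fields are
// logged so that escalation attempts are visible to the operator.
foreach (array_intersect($rejected, PRIVILEGE_FIELDS) as $field) {
    error_log("privilege field '$field' rejected for account {$member['id']}");
}
print_r($changes);
```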