target:https://github.com/flusity/flusity-CMS version: v2.33
Flusity-CMS v2.33 discovered an unauthorized vulnerability that url is /core/tools/delete_customblock.php
This is user has a name cs.The user is administrator.
This is user has a name cs2.The user is ordinary users.
By using the permissions of CS2 to execute, this function can be successfully exceeded
successed