target:https://github.com/flusity/flusity-CMS version: v2.33
Flusity-CMS v2.33 discovered an unauthorized vulnerability that url is /cover/addons/social_block_links/action/add_addon.php
This is user has a name cs.The user is administrator.
This is user has a name cs2.The user is ordinary users.
By using the permissions of CS2 to execute, this function can be successfully exceeded
successed