Further, a malicious user can modify the value of the 'image_id' parameter to any existing image id. There are no access controls to prevent a user from manipulating information on images that are in albums to which they do not have access.
The text was updated successfully, but these errors were encountered:
CVE-2020-9468 reported by Zak S.
The text was updated successfully, but these errors were encountered: