Product: Mezzanine CMS

Version: v6.0.0

Date found: 10.01.2024.

Date reported: 10.01.2024.

Vulnerability type: Incorrect Access Control.

CVE ID: CVE-2024-25170

Description: An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host Header.

POC is coming soon:)