CNNVD-202601-4623 Information
CNNVD ID
CNNVD-202601-4623
Related CVE
- CNNVD Published: 2026-01-28
Description (Chinese)
StudioCMS是StudioCMS开源的一个内容管理系统。 StudioCMS 0.2.0之前版本存在安全漏洞,该漏洞源于内容管理功能存在损坏的对象级别授权,可能导致具有访客角色的用户访问由编辑、管理员或所有者用户创建的草稿内容。
Description (English)
StudioCMS is an open-source content management system for StudioCMS. The security loophole in the pre-StudioCMS 0.2.0 resulted from the loss of target-level authorization for content management functions, which could lead to users with visitor roles accessing drafts created by editors, administrators or owners.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
StudioCMS
Published
2026-01-28
Last Modified
2026-02-24
References
https://github.com/withstudiocms/studiocms/commit/efc10bee20db090fdd75463622c30dda390c50ad https://github.com/withstudiocms/studiocms/releases/tag/studiocms%400.2.0 https://github.com/withstudiocms/studiocms/security/advisories/GHSA-8cw6-53m5-4932
Patch
https://github.com/withstudiocms/studiocms/releases
Share on: