CVE-2025-28103 Information

Description

Incorrect access control in laskBlog v2.6.1 allows attackers to arbitrarily delete user accounts via a crafted request.

Reference

https://gist.github.com/coleak2021/77895b7a7b335ae17eb57390f4a94917 https://github.com/DogukanUrker/flaskBlog/issues/130

Related CNNVD

CNNVD-202508-319 (Published: 2025-08-05)