Business Logic Errors in publify/publify
Feb 3rd 2022
It was found that if a user tries to create an article, and want to make that article private, the functionality is not working.
Proof of Concept
- Create an article
- Click on publish and you will see the option to visibility to make it private, but functionality is not designed properly.
This will lead in making every article public which a user does not want to disclose.
Matijs van Zuijlen validated this vulnerability a year ago
shubh123-tri has been awarded the disclosure bounty
The fix bounty is now up for grabs
Matijs van Zuijlen marked this as fixed in 9.2.7 with commit 16fcee a year ago
This vulnerability will not receive a CVE
to join this conversation