CVE-2017-11681

Published: 2017-07-27T06:29Z

Last Modified: 2024-11-21T03:08Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows remote authenticated users to execute actions that should only be available for administrative roles, as demonstrated by an action=createVoucher request to agents.php. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt