In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Missing Authorization vulnerabilities in an interactive lesson.
Start learningUpgrade craftcms/cms to version 4.17.8, 5.9.14 or higher.
craftcms/cms is a content management system.
Affected versions of this package are vulnerable to Missing Authorization in the assets/preview-thumb endpoint when a user with Control Panel access but without asset-view permission requests a preview for a private asset. An attacker can obtain signed fallback transform preview links for private assets by supplying an attacker-controlled assetId parameter, potentially exposing sensitive asset data to unauthorized users.