📦 Studiocms
by Studiocms
🛡️ Security Overview
⚠️ Known Vulnerabilities
This vulnerability allows any authenticated user, even with the lowest 'visitor' role, to bypass authorization checks and perform unauthorized file operations on S3 storage. Affected systems are Studi...
This vulnerability allows any authenticated user with at least Editor permissions in StudioCMS to generate API tokens for any other user, including administrative accounts. This results in full privil...
This vulnerability allows any authenticated admin user in StudioCMS to generate password reset tokens for any other user, including the highest-privileged owner account. This enables complete account ...
StudioCMS versions before 0.4.3 have inconsistent authorization checks between REST API and Dashboard API user creation endpoints. This allows authenticated admin users to create additional admin acco...
StudioCMS versions before 0.2.0 contain a Broken Object Level Authorization vulnerability that allows users with the 'Visitor' role to access draft content created by Editor, Admin, or Owner users. Th...