a basic user can escalate his privileges using a known exploit.
salmankhwaja opened this issue · comments
Salman, Khwaja commented
Techbrunch commented
Which version did you test ? I think this was fixed in 0.14.9: https://github.com/pantsel/konga/blob/0.14.9/api/policies/updateUser.js#L40-L63