Product: Mezzanine CMS

Version: v6.0.0

Date found: 10.01.2024.

Date reported: 10.01.2024.

Vulnerability type: Incorrect Access Control.

CVE ID: CVE-2024-25169

Description: An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via crafted request.

POC is coming soon:)