Critical Account Takeover and Privilege Escalation in usememos/memos
Dec 22nd 2022
A critical account takeover and privilege escalation vulnerability allows a low-privilege user to take over the admin account by using the change password functionality.
1. As a normal user, select change password.
2. Change the user ID to 1, as it is the admin account user ID.
3. The admin account is taken over immediately.
A low-privilege user could take over the admin account.
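The missing authorization check behind the steps above, shown as an added example that is not code from memos or from the report: a password change that trusts the user ID in the request, next to one that checks it against the authenticated session. All type, field and role names are assumptions, as is the rule that an admin may reset other users' passwords.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed model; type, field and role names are assumptions, not memos code.
type User struct {
	ID       int
	Role     string // "HOST" = admin, "USER" = normal user (assumed labels)
	Password string
}

type Store map[int]*User

var ErrForbidden = errors.New("forbidden: target account is not the caller's")

// changePasswordUnchecked models the reported flaw: the target ID is taken
// from the request and never compared with the authenticated session user.
func (s Store) changePasswordUnchecked(sessionID, targetID int, pw string) error {
	u, ok := s[targetID]
	if !ok {
		return errors.New("user not found")
	}
	u.Password = pw
	return nil
}

// changePasswordChecked authorizes against the session identity first:
// a user may change only their own password; only an admin may reset others.
func (s Store) changePasswordChecked(sessionID, targetID int, pw string) error {
	actor, ok := s[sessionID]
	if !ok || (actor.ID != targetID && actor.Role != "HOST") {
		return ErrForbidden
	}
	return s.changePasswordUnchecked(sessionID, targetID, pw)
}

// newStore returns constructed sample data: ID 1 is the admin, ID 2 a normal user.
func newStore() Store {
	return Store{1: {ID: 1, Role: "HOST", Password: "admin-pw"}, 2: {ID: 2, Role: "USER", Password: "user-pw"}}
}

func main() {
	s := newStore()
	fmt.Println("unchecked:", s.changePasswordUnchecked(2, 1, "x"), s[1].Password)
	s = newStore()
	fmt.Println("checked:  ", s.changePasswordChecked(2, 1, "x"), s[1].Password)
}
```

A regression test for this class of bug should issue the request as a normal user against another account's ID and assert that it is rejected and the stored credential is unchanged.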