Improper Authorization in publify/publify
Oct 11th 2021
I found an IDOR in publify, but I don't know whether this is intended or not.
If we assume that admins or publishers want to upload a media file and don't want to publish it, and want to keep it private until the publish date, there is an IDOR vulnerability here.
For example, I upload a .gif file, and this file isn't used anywhere on my site:
Here is the link:
Any user can see and download this file.