MantisBT: master-2.28 e3571c31
| Author | Committer | Branch | Timestamp | Parent |
|---|---|---|---|---|
| dregad | community | master-2.28 | 2026-06-27 12:11 | master-2.28 2d3a5537 |
| Affected Issues | 0037121: CVE-2026-47156: SOAP API Authentication Bypass -> Privilege Escalation to Administrator | |||
| Changeset | Prevent SOAP API auth bypass using cookie_string Verify that the given cookie actually belongs to the user trying to Username comparison is performed case insensitively. Fixes 0037121, GHSA-c2xg-qjqw-2v98 |
|||
| mod - api/soap/mc_api.php | Diff File | |||