CVE-2013-2629

Name of the Vulnerable Software and Affected Versions Leed (Light Feed) versions prior to 1.5 Stable

Description The issue allows remote attackers to bypass authorization. This can be achieved via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite actions in the "action.php" endpoint.

Recommendations For versions prior to 1.5 Stable, update to version 1.5 Stable or later to resolve the issue. As a temporary workaround, consider restricting access to the "action.php" endpoint to minimize the risk of exploitation. Avoid using the importForm, importFeed, addFavorite, and removeFavorite actions in the "action.php" endpoint until the issue is resolved.