Unknown · Himool ERP · CVE-2025-14089
**Name of the Vulnerable Software and Affected Versions**
Himool ERP versions up to 2.2
**Description**
A security issue exists in Himool ERP: improper authorization that can be triggered by manipulating the `update_account` function of the AdminActionViewSet component. The affected code is reached through the API endpoint '/api/admin/update_account/'. The issue can be exploited remotely, and an exploit is publicly available.
**Recommendations**
Versions prior to 2.3 should be updated.
As a temporary workaround, consider restricting access to the '/api/admin/update_account/' API endpoint until a patch is available.