Rubikscraft

**Name of the Vulnerable Software and Affected Versions** Wiki.js (affected versions not specified) **Description** The issue affects Wiki.js, a wiki app built on Node.js, where an authenticated user with write access on a restricted set of paths can update a page outside the allowed paths. This is possible by specifying a different target page ID while keeping the path intact, due to incorrect access control checks against user-provided values instead of the actual path associated with the page ID. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.