Name of the Vulnerable Software and Affected Versions DevelopmentAdmin (affected versions not specified)

Description The issue concerns a missing permission check in the buildDefaults method on DevelopmentAdmin. Specifically, when accessing the /dev/build/defaults endpoint, the action is performed without a login check, unlike accessing /dev/build, which prompts for a login first. This lack of protection could allow unauthorized modification of database state through the requireDefaultRecords() method on each DataObject class. Additionally, it may provide attackers with insights into the database structure and used modules by listing all modified tables.

Recommendations As a temporary workaround, consider restricting access to the /dev/build/defaults endpoint until a proper permission check is implemented. At the moment, there is no information about a newer version that contains a fix for this vulnerability.