PT-2026-24454 · Linkace · Linkace
Kovah
·
Published
2026-03-10
·
Updated
2026-03-10
·
CVE-2026-30954
CVSS v4.0
5.3
Medium
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
LinkAce versions prior to 2.1.1
Description
LinkAce is a self-hosted archive for collecting website links. Versions 2.1.0 and earlier contain an issue where the
processTaxonomy() method within the LinkRepository.php file allows authenticated users to associate tags and lists belonging to other users with their own links. This is achieved by submitting integer IDs.Recommendations
Update to version 2.1.1 or later.
Exploit
Fix
IDOR
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linkace