Missing Authorization in the server management routes (routes/admin.php) in Azuriom Azuriom CMS before 1.2.11 on all platforms allows an authenticated attacker with the admin.access permission to create AzLink server tokens and take over non-admin user accounts by changing their passwords and email addresses via crafted HTTP requests to /admin/servers/create and the AzLink API endpoints (/api/azlink/password, /api/azlink/email, /api/azlink/user/{id}).
Configurations
No configuration.
History
17 Jun 2026, 17:17
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |
Information
Published : 2026-06-17 15:17
Updated : 2026-06-17 17:17
NVD link : CVE-2026-54415
Mitre link : CVE-2026-54415
CVE.ORG link : CVE-2026-54415
Products Affected
No product.
