Security hole - Front- & Back-End Development - Front- & Back-End Development - Progress Community
 Front- & Back-End Development

Security hole

  • Security hole
  • Scenario: Logged in as a user with backend access, but only permission granted is View for a custom module created with the module builder.

    Issue: When viewing the content items, there is a "Content types" link in the sidebar. Clicking this link launches the module builder, and from here I am able to deactivate the module.

    Regards,
    Gary