“If it is affected, it allows only much of the right,” he said. If Next.js is used in an e-commerce site, for example, a threat actor can sign in as a normal customer and check the use of the company on the frame, and check the security controls.
“You can enter in such aspects such as the appropriate administrator characteristics are approved by adding a simple head [to bypass security],” he said.
According to the investigators Rachid A and Yasser Allam, who found a hole, “the impact is evident, and all the affected species and there are no explorers.”