With AI models becoming more and more powerful, it is assumed that bugs previously not found will be found and essentially be public knowledge.
For real security issues please direct message me Profile - michael - Moqui Forum or reach me directly via another method you know of. Any diffs that ARE NOT clean, fixes one problem with minimal lines, and aren’t easily human readable will be closed. Also, please provide a reproducible script, a link to the exact code problem, and an explanation of why it’s a security problem for one of the following conditions:
- privilege escalation (low permissions to ADMIN usergroup)
- authentication failures such as a bypass
- sql injection outside of screens like sqlrunner and groovy runner (obviously)