CVE-2026-29204
CriticalSummary
Insufficient ownership check in `clientarea.php` allows an authenticated client area user to submit requests using another user’s `addonId` without any ownership validation leading to unauthorized access to the victim's account.
Risk Assessment
The organization may be exposed to unauthorized access to user accounts, potentially leading to data breaches or unauthorized actions on accounts.
Recommendation
It is recommended to implement proper ownership verification mechanisms for all operations related to `addonId` to prevent unauthorized access.
Original NVD description (English source)
Insufficient ownership check in `clientarea.php` allows an authenticated client area user to submit requests using another user’s `addonId` without any ownership validation leading to unauthorized access to the victim's account.

