Vendor
Shiori contains a privilege escalation vulnerability in its account update endpoint that allows authenticated users to exploit this by sending a crafted PATCH request to modify the 'owner' field to 'true' without proper authorization checks, leading to administrative access and full system control.