An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request.
https://github.com/redteambrasil/nuclei-templates
https://docs.google.com/document/d/14DYoZfKN__As8gBXMFae7wChKJXpmbuUdMn2Gf803Lw/edit
https://docs.google.com/document/d/14DYoZfKN__As8gBXMFae7wChKJXpmbuUdMn2Gf803Lw