[Shopify] Insufficient Authentication on Creating an Admin Account in Stocky ($1600 USD)
We discussed this vulnerability during Episode 103 on 29 November 2021
Missing, or maybe insufficient, authentication checks on the /users/create_admin endpoint allowed any user (even one not logged in) to create a new administrative account and gain full admin privileges within the Stocky app.
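
The class of flaw described above, as an added Ruby example that is not Stocky's code or part of the original write-up: a dispatcher that runs the action without identifying the caller, beside one that authenticates and authorizes first, plus a regression check that lists protected routes still reachable anonymously. The route table, role names, session tokens and helper names are all constructed assumptions.

```ruby
# Added illustration: routes, roles and tokens are constructed assumptions,
# not Stocky's actual code.
Response = Struct.new(:status, :body)

SESSIONS = {                      # constructed sample sessions
  "tok-admin" => { user: "owner@example.test", role: :admin },
  "tok-staff" => { user: "staff@example.test", role: :staff }
}.freeze

# Every route declares the role it requires; :public has to be explicit.
ROUTES = {
  ["GET", "/login"] =>
    { role: :public, action: ->(_params) { Response.new(200, "login form") } },
  ["POST", "/users/create_admin"] =>
    { role: :admin, action: ->(params) { Response.new(201, "admin #{params[:email]} created") } }
}.freeze

# Flawed pattern: the action runs without anyone being identified.
def dispatch_unchecked(verb, path, params, _token = nil)
  route = ROUTES[[verb, path]]
  return Response.new(404, "not found") if route.nil?
  route[:action].call(params)
end

# Hardened pattern: authenticate first, then authorize against the route's role.
def dispatch_checked(verb, path, params, token = nil)
  route = ROUTES[[verb, path]]
  return Response.new(404, "not found") if route.nil?
  return route[:action].call(params) if route[:role] == :public
  session = SESSIONS[token]
  return Response.new(401, "authentication required") if session.nil?
  return Response.new(403, "forbidden") unless session[:role] == route[:role]
  route[:action].call(params)
end

# Regression check: protected routes that still answer an anonymous request.
def anonymous_reachable(dispatcher)
  protected_routes = ROUTES.reject { |_key, route| route[:role] == :public }
  protected_routes.keys.select do |verb, path|
    response = send(dispatcher, verb, path, { email: "probe@example.test" })
    ![401, 403].include?(response.status)
  end
end
```

Running `anonymous_reachable` against every dispatcher in a test suite turns a forgotten authentication filter on a privileged endpoint into a failing build instead of a production finding.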