


Perceptive Security
SOC/SIEM Consultancy

Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in the migrate endpoint (/actions/app/migrate).
Published:
26 May 2026 at 22:00:00
Alert date:
27 May 2026 at 21:06:41
Source:
nvd.nist.gov
Web Technologies, Enterprise Applications
Craft CMS version 5.9.5 and earlier contains a Missing Authorization vulnerability in the migrate endpoint (/actions/app/migrate). This security flaw allows unauthorized access to the migration functionality, potentially enabling attackers to execute unauthorized operations on the content management system. The vulnerability affects the application's migration endpoint which is typically used for database migrations and system updates. Proof-of-concept code has been made available on GitHub, increasing the risk of exploitation. Organizations using affected versions of Craft CMS should prioritize patching to prevent potential unauthorized access.
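Until patching is complete, web server access logs can be reviewed for requests to the endpoint named above. The following is an added example, not part of the original alert or of Craft CMS: it assumes the common/combined access-log format, and the log lines, IP addresses and status codes in it are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Endpoint named in the advisory.
MIGRATE_PATH = "/actions/app/migrate"

# Assumed format: ip - user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize_path(target):
    """Drop the query string, decode %-encoding, lowercase, collapse slashes."""
    path = unquote(target.split("?", 1)[0]).lower()
    return re.sub(r"/+", "/", path).rstrip("/")

def find_migrate_hits(lines):
    """Return {client_ip: [(time, method, status), ...]} for migrate requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        # endswith() also covers sites served from a subdirectory or via /index.php
        if normalize_path(m["target"]).endswith(MIGRATE_PATH):
            hits[m["ip"]].append((m["time"], m["method"], int(m["status"])))
    return dict(hits)

def served(hits):
    """Client IPs with at least one non-error (status < 400) response: review first."""
    return sorted(ip for ip, reqs in hits.items() if any(s < 400 for _, _, s in reqs))

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [27/May/2026:09:14:02 +0000] "POST /actions/app/migrate HTTP/1.1" 200 512 "-" "curl/8.5.0"',
    '203.0.113.7 - - [27/May/2026:09:14:05 +0000] "GET /index.php/%61ctions/app/migrate?x=1 HTTP/1.1" 302 0 "-" "curl/8.5.0"',
    '198.51.100.20 - - [27/May/2026:09:20:11 +0000] "GET /actions/app/migrate/ HTTP/1.1" 403 153 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [27/May/2026:09:21:40 +0000] "GET /blog/app-migrate-guide HTTP/1.1" 200 8841 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    found = find_migrate_hits(SAMPLE)
    for ip, reqs in found.items():
        print(ip, reqs)
    print("non-error responses:", served(found))
```

A hit in the log shows only that the endpoint was requested; whether the request was authorized has to be checked against session and application logs.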
Affected products:
Craft CMS
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-31266
https://github.com/0xrixet/cms-security-poc
https://github.com/craftcms/cms
https://github.com/0xrixet/Craftcms-PoC-CVE-2026-31266
This article was created with the assistance of AI technology by Perceptive.
