It was discovered that the Tryton application framework for Python allows authenticated users to escalate their privileges by editing the Many2Many field.