CVE-2019-15953

Name of the Vulnerable Software and Affected Versions Total.js CMS version 12.0.0

Description An issue in Total.js CMS allows an authenticated user with limited privileges to access a resource they do not own by calling the associated "API". The product manages privileges correctly only for the front-end resource path, but not for "API" requests, leading to vertical and horizontal privilege escalation.

Recommendations For Total.js CMS version 12.0.0, consider restricting access to the associated API until a patch is available to prevent privilege escalation. At the moment, there is no information about a newer version that contains a fix for this issue.