PT-2026-27233 · Unknown · Connect-Cms

Odgrso

Publicado

2026-03-23

Atualizado

2026-03-24

CVE-2026-32300

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Connect-CMS versions 1.x through 1.41.0 Connect-CMS versions 2.x through 2.41.0

Description Connect-CMS is a content management system. An improper authorization issue exists in the My Page profile update feature, potentially allowing modification of arbitrary user information. Exploitation requires an attacker to access the affected functionality as an authenticated user, which could lead to account takeover.

Recommendations For the 1.x series, update to version 1.41.1 or later. For the 2.x series, update to version 2.41.1 or later.

Exploit

Correção

Improper Authorization

IDOR

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-285CWE-639

Identificadores relacionados

CVE-2026-32300

GHSA-QR6X-WVXR-8HM9

Produtos afetados

Connect-Cms

PT-2026-27233 · Unknown · Connect-Cms

CVE-2026-32300

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12