PT-2022-17745 · Wowonder · Wowonder
Fariq Fadillah
·
Published
2022-03-27
·
Updated
2022-04-05
·
CVE-2022-26254
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
WoWonder The Ultimate PHP Social Network Platform version 4.0.0
Description
The issue allows unauthenticated attackers to arbitrarily change group ID names due to an access control problem.
Recommendations
For WoWonder The Ultimate PHP Social Network Platform version 4.0.0, consider restricting access to group ID name modification functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
IDOR
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wowonder