PT-2024-32957 · Cubewp · Cubewp

Abdi Pranata

Published

2024-11-01

Updated

2024-11-13

CVE-2024-48039

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions CubeWP – All-in-One Dynamic Content Framework versions 1.1.15 and earlier

Description The issue affects the CubeWP – All-in-One Dynamic Content Framework due to a Missing Authorization vulnerability. This vulnerability allows for the exploitation of incorrectly configured access control security levels.

Recommendations For CubeWP – All-in-One Dynamic Content Framework versions 1.1.15 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to sensitive areas of the framework to minimize the risk of exploitation.

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2024-48039

Affected Products

Cubewp

PT-2024-32957 · Cubewp · Cubewp

CVE-2024-48039

Weakness Enumeration

Related Identifiers

Affected Products

References · 6