PT-2026-33772 · Givanz · Vvveb
Hamed Kohi
+1
·
Published
2026-04-20
·
Updated
2026-04-20
·
CVE-2026-34427
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Vvveb prior to 1.0.8.1 contains a privilege escalation vulnerability in the admin user profile save endpoint that allows authenticated users to modify privileged fields on their own profile. Attackers can inject role id=1 into profile save requests to escalate to Super Administrator privileges, enabling plugin upload functionality for remote code execution.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Vvveb