CVE-2022-1753 MEDIUM

CVE-2022-1753: WoWonder Group requests.php access control

Vendor Unspecified

Product WoWonder

Weakness CWE-284

Published May 17, 2022

Last update April 15, 2025

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

A vulnerability, which was classified as critical, was found in WoWonder. Affected is the file /requests.php which is responsible to handle group messages. The manipulation of the argument group_id allows posting messages in other groups. It is possible to launch the attack remotely but it might require authentication. A video explaining the attack has been disclosed to the public.

Key dates

02Disclosure timeline

May 17, 2022 CVE published

April 15, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1753 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

04Related CVE

CVE-2026-25702 nftables disabled due to incorrect kernel backport CVE-2025-3665 TOTOLINK A3700R cstecgi.cgi setSmartQosCfg access control CVE-2021-28507 An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent. CVE-2024-23920 ChargePoint Home Flex Improper Access Control CVE-2019-3779 Cloud Foundry Container Runtime allows a user to bypass security policy when talking to ETCD