What the vulnerability does
01Description
Missing Authorization vulnerability in HappyFiles HappyFiles Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HappyFiles Pro: from n/a through 1.8.1.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
What the vulnerability does
Missing Authorization vulnerability in HappyFiles HappyFiles Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HappyFiles Pro: from n/a through 1.8.1.
Explanation of Vulnerability in Simple Terms
HappyFiles Pro versions up to 1.8.1 lack proper authorization checks, allowing authenticated users to modify or delete files and folders they should not have access to. An attacker with a low-privilege account can escalate their capabilities within the file management system. The vulnerability requires valid login credentials but no additional user interaction.
What an attacker can do
Modify or delete files and folders beyond their assigned permissions.
Potential impact on your site
Authenticated users can tamper with or remove files they shouldn't access, risking data loss and site integrity.
Conditions required to exploit
Valid login account with low privileges; network access to the site.
Key dates
External resources
Related vulnerabilities