What the vulnerability does
01Description
Missing Authorization vulnerability in SolaPlugins Sola Support Ticket allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sola Support Ticket: from n/a through 3.17.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
What the vulnerability does
Missing Authorization vulnerability in SolaPlugins Sola Support Ticket allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sola Support Ticket: from n/a through 3.17.
Explanation of Vulnerability in Simple Terms
Sola Support Ticket versions 3.17 and earlier lack proper authorization checks, allowing authenticated users to modify support tickets they should not have access to. An attacker with a low-privilege account can change ticket data, including status and content, affecting the integrity of support records. Update to a version newer than 3.17 to resolve this issue.
What an attacker can do
Modify or change support tickets belonging to other users or restricted ticket data.
Potential impact on your site
Support ticket data can be altered by unauthorized users, compromising ticket integrity and support operations.
Conditions required to exploit
Attacker must have a low-privilege user account on the site.
Key dates
External resources
Related vulnerabilities