What the vulnerability does
01Description
Missing Authorization vulnerability in Hamid Alinia Login with phone number login-with-phone-number.This issue affects Login with phone number: from n/a through <= 1.6.93.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Missing Authorization vulnerability in Hamid Alinia Login with phone number login-with-phone-number.This issue affects Login with phone number: from n/a through <= 1.6.93.
Explanation of Vulnerability in Simple Terms
Login with Phone Number versions up to 1.6.93 lack proper authorization checks, allowing unauthenticated attackers to read, modify, or delete data without restriction. The vulnerability affects all core functionality and requires no user interaction. Site administrators should update immediately to a version newer than 1.6.93.
What an attacker can do
Read, modify, or delete any data on the site without logging in.
Potential impact on your site
Complete compromise of site data and functionality; attackers can access user accounts, modify content, and disrupt service.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources