What the vulnerability does
01Description
Missing Authorization vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.1.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
What the vulnerability does
Missing Authorization vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.1.
Explanation of Vulnerability in Simple Terms
Debug Log Manager through version 2.3.1 lacks proper authorization checks, allowing authenticated users with low privileges to modify log data. An attacker with a basic user account can alter debug logs without restriction, potentially covering tracks or corrupting audit trails. The vulnerability requires valid site credentials but no special permissions.
What an attacker can do
Modify or delete debug logs to cover their tracks or corrupt audit records.
Potential impact on your site
Audit logs can be tampered with by any logged-in user, compromising your ability to detect or investigate suspicious activity.
Conditions required to exploit
Attacker must have a low-privilege authenticated account on the site.
Key dates
External resources
Related vulnerabilities