What the vulnerability does
Description
Missing Authorization vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities. This issue affects ProfileGrid: from n/a through <= 5.9.3.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Explanation of Vulnerability in Simple Terms
ProfileGrid versions up to 5.9.3 lack proper authorization checks, allowing an attacker to modify data through user interaction. The vulnerability requires no authentication but does require the victim to visit a malicious link or page. Integrity of site data can be compromised without affecting confidentiality or availability.
What an attacker can do
Modify site data by tricking a user into visiting a malicious link.
Potential impact on your site
Site data can be altered by unauthorized parties if users are socially engineered.
Conditions required to exploit
Victim must click a link or visit an attacker-controlled page; no login required.