What the vulnerability does
Description
Missing Authorization vulnerability in Tosin Oguntuyi Tours tours. This issue affects Tours: from n/a through <= 1.0.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Explanation of Vulnerability in Simple Terms
Versions 1.0.0 and earlier of the Tours product by Tosin Oguntuyi lack proper authorization checks. A logged-in user with low privileges can modify data they should not have access to. The vulnerability does not expose sensitive information or disrupt service availability, but it allows unauthorized changes to site content or settings.
What an attacker can do
Modify data or settings without proper authorization as a low-privilege logged-in user.
Potential impact on your site
Unauthorized users may alter tours, bookings, or other protected data depending on the product's function.
Conditions required to exploit
Attacker must have a low-privilege account on the site and network access to the application.