What the vulnerability does
01 Description
Incorrect Privilege Assignment vulnerability in Favethemes Homey allows Privilege Escalation. This issue affects Homey: from n/a through 2.4.1.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
Favethemes Homey versions up to 2.4.1 contain a privilege escalation vulnerability that allows unauthenticated attackers to gain full control of the site without user interaction. The vulnerability stems from improper access controls that fail to restrict sensitive operations. An attacker can read, modify, or delete any data and execute arbitrary code on the server.
What an attacker can do
Run code on the site, read all data, modify or delete content, and take full control without needing a password.
Potential impact on your site
Complete compromise of the site and all data; attacker gains admin-level access instantly.
Conditions required to exploit
Network access only; no authentication or user interaction required.
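To find installs inside the affected range, the version WordPress reports for a theme can be read from the header of its style.css. The following is an added example, not code from the advisory or from Favethemes; it assumes the theme's "Theme Name:" header reads "Homey", and the sample header is constructed.

```python
import re

# From the advisory: affected "from n/a through 2.4.1".
AFFECTED_THROUGH = (2, 4, 1)
THEME_NAME = "homey"  # assumption: value of the theme's "Theme Name:" header

# WordPress reads theme metadata from "Key: value" lines in the style.css header.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Theme Name|Version|Template):(.*)$", re.I | re.M)

def parse_theme_header(css_text):
    """Extract Theme Name, Version and Template from the first 8 KB of style.css."""
    fields = {}
    for key, value in HEADER_RE.findall(css_text[:8192]):
        value = re.sub(r"\s*(?:\*/|\?>).*", "", value).strip()
        fields.setdefault(key.lower(), value)
    return fields

def version_tuple(version):
    """'2.4' -> (2, 4); '2.4.10' -> (2, 4, 10). None if no leading numeric version."""
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not m:
        return None
    parts = [int(p) for p in m.group().split(".")]
    while parts and parts[-1] == 0:  # 2.4.1.0 compares equal to 2.4.1
        parts.pop()
    return tuple(parts)

def classify(css_text):
    """Classify one style.css against the advisory's affected range."""
    h = parse_theme_header(css_text)
    if h.get("template", "").lower() == THEME_NAME:
        return "child-theme"  # the parent theme's style.css holds the relevant version
    if h.get("theme name", "").lower() != THEME_NAME:
        return "not-homey"
    v = version_tuple(h.get("version", ""))
    if v is None:
        return "unknown-version"
    return "affected" if v <= AFFECTED_THROUGH else "above-listed-range"

# Constructed sample header, not copied from the real theme.
SAMPLE = "/*\nTheme Name: Homey\nVersion: 2.4.1\nAuthor: example\n*/\n"

if __name__ == "__main__":
    print(classify(SAMPLE))  # affected
```

"above-listed-range" only means the version is newer than the range this page lists; the page does not name a fixed release.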
Key dates
External resources