CVE-2025-0614 MEDIUM

CVE-2025-0614: Input validation vulnerability in Qualifio's Wheel of Fortune

Vendor Qualifio
Product Wheel of fortune
Weakness CWE-22 · Path traversal
Published January 21, 2025
Last update January 21, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

Input validation vulnerability in Qualifio's Wheel of Fortune. This vulnerability could allow an attacker to modify a single email to contain upper and lower case characters in order to access the application and win prizes as many times as wanted.

Key dates

02Disclosure timeline

January 21, 2025 CVE published
January 21, 2025 Record updated