What the vulnerability does
Description
Authentication Bypass Using an Alternate Path or Channel vulnerability in appsbd Vitepos vitepos-lite allows Authentication Abuse. This issue affects Vitepos: from n/a through <= 3.1.4.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
Vitepos versions 3.1.4 and earlier contain an authentication bypass vulnerability that allows an attacker with low-level privileges to gain full read, write, and delete access to the system. The vulnerability stems from improper authentication validation (CWE-288) and requires only network access and valid low-privilege credentials to exploit. No user interaction is needed.
What an attacker can do
Read, modify, and delete sensitive data; escalate privileges from low to full system access.
Potential impact on your site
A low-privilege user can compromise the entire Vitepos installation, accessing all data and potentially disrupting service.
Conditions required to exploit
Attacker must have valid low-privilege account credentials and network access to the application.