What the vulnerability does
01Description
Missing Authorization vulnerability in Quý Lê 91 Administrator Z administrator-z allows Privilege Escalation.This issue affects Administrator Z: from n/a through <= 2025.03.24.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Missing Authorization vulnerability in Quý Lê 91 Administrator Z administrator-z allows Privilege Escalation.This issue affects Administrator Z: from n/a through <= 2025.03.24.
Explanation of Vulnerability in Simple Terms
Administrator Z versions up to 2025.03.24 lack proper authorization checks, allowing authenticated users with low privileges to perform administrative actions they should not have access to. An attacker with a standard user account can read, modify, or delete sensitive data and disrupt site operations. The vulnerability requires valid login credentials but no additional user interaction.
What an attacker can do
Read, modify, or delete data and perform administrative actions with a low-privilege user account.
Potential impact on your site
Unauthorized users can compromise data integrity, access confidential information, and disrupt site availability.
Conditions required to exploit
Valid login credentials with low-level user privileges; network access to the application.
Key dates
External resources