What the vulnerability does
01Description
Missing Authorization vulnerability in Shahjada Live Forms liveforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Forms: from n/a through <= 4.8.4.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
What the vulnerability does
Missing Authorization vulnerability in Shahjada Live Forms liveforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Forms: from n/a through <= 4.8.4.
Explanation of Vulnerability in Simple Terms
Live Forms versions 4.8.4 and earlier lack proper authorization checks, allowing authenticated users with low privileges to modify or delete data they should not access. The vulnerability requires a valid user account but no special interaction. Integrity and availability of form data are at risk.
What an attacker can do
Modify or delete form data belonging to other users or the site.
Potential impact on your site
Form submissions and data may be altered or deleted by unauthorized users with basic access.
Conditions required to exploit
Attacker must have a valid user account with low-level privileges on the site.
Key dates
External resources
Related vulnerabilities