What the vulnerability does
Description
Missing Authorization vulnerability in redqteam Wishlist wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wishlist: from n/a through <= 2.1.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Explanation of Vulnerability in Simple Terms
The Wishlist product by RedQ Team contains a missing authorization flaw in versions up to 2.1.0. An authenticated user with low privileges can modify data they should not have access to. The vulnerability requires network access and an active login but no additional user interaction. Site administrators should update to a version newer than 2.1.0.
What an attacker can do
Modify data belonging to other users or the site without proper permission checks.
Potential impact on your site
Any user with an account, even a low-privilege one, can alter wishlist data or other protected content without authorization.
Conditions required to exploit
Attacker must have a low-privilege account and network access to the site.