What the vulnerability does
01Description
Missing Authorization vulnerability in gunnarpayday Payday payday allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payday: from n/a through <= 3.3.18.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
What the vulnerability does
Missing Authorization vulnerability in gunnarpayday Payday payday allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payday: from n/a through <= 3.3.18.
Explanation of Vulnerability in Simple Terms
Payday versions 3.3.18 and earlier lack proper authorization checks, allowing unauthenticated attackers to access sensitive information over the network. The vulnerability affects the scope beyond the vulnerable component itself. No user interaction is required to exploit this issue. Site administrators should update to a version newer than 3.3.18.
What an attacker can do
Read sensitive information without authentication.
Potential impact on your site
Unauthorized users can access confidential data exposed by the Payday application.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources