What the vulnerability does
01Description
Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution") UPC/EAN/GTIN Code Generator upc-ean-barcode-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UPC/EAN/GTIN Code Generator: from n/a through <= 2.0.2.
Explanation of Vulnerability in Simple Terms
02Summary
The UPC/EAN/GTIN Code Generator through version 2.0.2 lacks proper authorization checks, allowing authenticated users with low privileges to modify or delete data they should not access. An attacker with a basic user account can alter code generation settings or disable functionality for other users. No confidentiality breach occurs, but data integrity and availability are at risk.
What an attacker can do
03Attacker Capabilities
Modify or delete code generation data and settings belonging to other users or the system.
Potential impact on your site
04Site Impact
Legitimate users may find their code generation settings altered or unavailable; data integrity cannot be guaranteed.
Conditions required to exploit
05Prerequisites
Attacker must have a low-privilege user account on the site; no special interaction required.
Key dates
06Disclosure timeline
April 1, 2025
CVE published
April 28, 2026
Record updated