What the vulnerability does
Description
Missing Authorization vulnerability in ERA404 StaffList stafflist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects StaffList: from n/a through 3.2.7. (The wording is the standard CWE-862 Missing Authorization / CAPEC-180 advisory boilerplate: a privileged action is reachable without a check that the caller is allowed to perform it.)
CVSS base score
4.3 (Medium), computed from the vector below
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Read as: reachable over the network, low attack complexity, low privileges required, no user interaction, unchanged scope, and a low impact on integrity only (no confidentiality or availability impact).
Explanation of Vulnerability in Simple Terms
StaffList versions 3.2.7 and earlier perform a data-changing operation without checking whether the calling user is authorized to perform it. Any authenticated user can therefore modify StaffList data that should be reserved for privileged roles. The flaw needs a valid login but no special privileges: in CVSS terms PR:L, which for a WordPress plugin typically means any logged-in role, Subscriber included. Note that this is a missing authorization check, not a bypass of an existing one: the code simply never asks "may this user do this?" before acting.
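To make the class of bug concrete, the following is an added illustrative example and not code from the StaffList plugin: the shape a missing authorization check usually takes in a WordPress plugin (an admin-ajax handler that updates a record and is reachable by every logged-in user) next to its hardened form. The hook name `example_update_staff`, the option name `example_staff_records`, the capability chosen and the field names are all hypothetical.

```php
<?php
// Added illustrative example; NOT the StaffList plugin's code.
// All hook, option, field and capability names below are hypothetical.

// BEFORE (vulnerable pattern). wp_ajax_* hooks fire for ANY logged-in user,
// Subscribers included. Because nothing here checks a capability, being
// logged in is the only requirement to overwrite a staff record.
// add_action( 'wp_ajax_example_update_staff', 'example_update_staff_vulnerable' );
function example_update_staff_vulnerable() {
    $id      = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;
    $title   = sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) );
    $records = get_option( 'example_staff_records', array() );

    // Input is sanitized, but sanitization is not authorization:
    // a Subscriber can still rewrite any record they name by id.
    $records[ $id ]['title'] = $title;
    update_option( 'example_staff_records', $records );
    wp_send_json_success( $records[ $id ] );
}

// AFTER (hardened). Two independent checks, in this order:
//  1. check_ajax_referer(): the request carries a nonce we issued to this
//     user for this action (defeats cross-site request forgery).
//  2. current_user_can(): the user holds a capability that the plugin
//     reserves for editing staff (the actual authorization decision).
// A nonce alone does NOT fix missing authorization: a Subscriber can obtain
// a valid nonce from any page that renders it for them.
add_action( 'wp_ajax_example_update_staff', 'example_update_staff_hardened' );
function example_update_staff_hardened() {
    check_ajax_referer( 'example_update_staff', 'nonce' ); // dies on failure

    // Capability is hypothetical; pick the one matching who should edit
    // staff (e.g. a plugin-specific cap granted to Editors/Administrators).
    if ( ! current_user_can( 'edit_others_posts' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $id      = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;
    $title   = sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) );
    $records = get_option( 'example_staff_records', array() );

    if ( ! isset( $records[ $id ] ) ) {
        wp_send_json_error( 'no such record', 404 );
    }

    $records[ $id ]['title'] = $title;
    update_option( 'example_staff_records', $records );
    wp_send_json_success( $records[ $id ] );
}

// The nonce the hardened handler expects, printed where the edit form is
// rendered, so only pages we serve to an authorized user can make the call.
function example_render_nonce_field() {
    wp_nonce_field( 'example_update_staff', 'nonce' );
}
```

When auditing a plugin for this bug class, grep for every `add_action( 'wp_ajax_` and `register_rest_route(` call and confirm each handler (or the REST route's `permission_callback`) performs a `current_user_can()` check before it writes; a handler that only calls `check_ajax_referer()` is still missing authorization.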
What an attacker can do
Modify StaffList data from any low-privilege authenticated account, without the permission check the plugin should enforce. The CVSS vector records no confidentiality or availability impact, so the advisory describes tampering, not data theft or denial of service.
Potential impact on your site
Low-privilege users can alter StaffList records, corrupting or defacing the staff information shown on the site. The vector rates the impact as integrity-only (C:N, I:L, A:N); the advisory does not claim that the flaw discloses information, so unexpected changes to staff records, rather than data exposure, are what to look for when assessing a site.
Conditions required to exploit
Attacker must have a valid user account with low-level privileges (PR:L). On WordPress sites with open registration enabled ("Anyone can register" under Settings > General), anyone can create such an account, so the practical barrier is low. Mitigation: update StaffList to a version newer than 3.2.7; until then, disable or restrict registration and review staff records for unauthorized edits.