What the vulnerability does
01Description
Missing Authorization vulnerability in Shahjada Live Forms liveforms.This issue affects Live Forms: from n/a through <= 4.8.5.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
What the vulnerability does
Missing Authorization vulnerability in Shahjada Live Forms liveforms.This issue affects Live Forms: from n/a through <= 4.8.5.
Explanation of Vulnerability in Simple Terms
Live Forms versions 4.8.5 and earlier lack proper authorization checks, allowing an attacker to modify form data or settings without proper permissions. The vulnerability requires user interaction—typically clicking a malicious link—and affects only the integrity of form content, not confidentiality or availability. Site administrators should update to a version newer than 4.8.5 when available.
What an attacker can do
Modify form data or settings without authorization if a user clicks a malicious link.
Potential impact on your site
Form data or configuration could be altered by unauthorized users, potentially affecting form submissions or user experience.
Conditions required to exploit
No authentication required, but the victim must click a link or visit a page controlled by the attacker.
Key dates
External resources
Related vulnerabilities