What the vulnerability does
01Description
Incorrect Privilege Assignment vulnerability in mojoomla WPAMS apartment-management allows Privilege Escalation.This issue affects WPAMS: from n/a through <= 44.0 (17-08-2023).
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Incorrect Privilege Assignment vulnerability in mojoomla WPAMS apartment-management allows Privilege Escalation.This issue affects WPAMS: from n/a through <= 44.0 (17-08-2023).
Explanation of Vulnerability in Simple Terms
WPAMS for Joomla versions up to 44.0 contain an insufficient privilege validation flaw. An authenticated user with low-level permissions can read, modify, or delete sensitive data and perform administrative actions they should not have access to. The vulnerability requires a valid user account but no additional user interaction. Sites running affected versions should update immediately.
What an attacker can do
Read, modify, or delete data and perform admin actions without proper authorization.
Potential impact on your site
Unauthorized users can access and alter sensitive site data, user accounts, and configuration.
Conditions required to exploit
Attacker must have a valid low-privilege user account on the Joomla site.
Key dates
External resources