What the vulnerability does
Description
Incorrect Privilege Assignment vulnerability in pebas CouponXL couponxl allows Privilege Escalation. This issue affects CouponXL: from n/a through <= 4.5.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
CouponXL versions 4.5.0 and earlier contain a critical vulnerability that allows unauthenticated attackers to read sensitive data, modify site content, or disrupt service without any user interaction. The vulnerability stems from improper privilege controls (CWE-266) and can be exploited remotely over the network. All users should update immediately to a version newer than 4.5.0.
What an attacker can do
Read sensitive data, modify site content, or disable the site without logging in.
Potential impact on your site
Attackers can steal customer data, alter coupon terms, or take the coupon system offline without warning.
Conditions required to exploit
Network access only; no authentication or user interaction required.