What the vulnerability does
01Description
Missing Authorization vulnerability in contentstudio Contentstudio contentstudio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contentstudio: from n/a through <= 1.3.5.
Explanation of Vulnerability in Simple Terms
02Summary
Contentstudio versions up to 1.3.5 lack proper authorization checks, allowing authenticated users with low privileges to modify data they should not have access to. The vulnerability requires a valid user account but no special interaction. An attacker can alter content or settings through direct API or interface manipulation. Update to a version newer than 1.3.5 to remediate.
What an attacker can do
03Attacker Capabilities
Modify data or settings they lack permission to change.
Potential impact on your site
04Site Impact
Unauthorized users may alter site content, settings, or other users' data depending on their role.
Conditions required to exploit
05Prerequisites
Valid user account with low privileges; network access to the application.
Key dates
06Disclosure timeline
May 7, 2025
CVE published
April 28, 2026
Record updated