What the vulnerability does
01Description
Missing Authorization vulnerability in Projectopia Projectopia projectopia-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Projectopia: from n/a through <= 5.1.17.
Explanation of Vulnerability in Simple Terms
02Summary
Projectopia versions up to 5.1.17 lack proper authorization checks, allowing authenticated users to disrupt service availability. An attacker with low-level access can trigger a denial-of-service condition without requiring user interaction. The vulnerability affects the core application and impacts availability but not data confidentiality or integrity.
What an attacker can do
03Attacker Capabilities
Disrupt service availability by making the application unavailable to legitimate users.
Potential impact on your site
04Site Impact
Legitimate users may experience service interruptions or downtime caused by authenticated attackers.
Conditions required to exploit
05Prerequisites
Attacker must have a valid low-privilege user account on the Projectopia instance.
Key dates
06Disclosure timeline
May 19, 2025
CVE published
April 28, 2026
Record updated