What the vulnerability does
Description
Improper Control of Generation of Code ('Code Injection') vulnerability in cmoreira Team Showcase team-showcase-cm allows Code Injection. This issue affects Team Showcase: from n/a through < 25.05.13.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Explanation of Vulnerability in Simple Terms
Team Showcase versions before 25.05.13 contain a code injection vulnerability that allows authenticated users to read sensitive data. An attacker with low-level account access can inject code to access confidential information stored in the application. The vulnerability requires valid login credentials but no additional user interaction.
What an attacker can do
Read sensitive data by injecting code into the application.
Potential impact on your site
Authenticated users can access confidential information they should not see.
Conditions required to exploit
Attacker must have a valid low-privilege user account on the site.