What the vulnerability does
Description
Missing Authorization vulnerability in syedamirhussain91 DB Backup db-backup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DB Backup: from n/a through <= 6.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Explanation of Vulnerability in Simple Terms
DB Backup versions 6.0 and earlier lack proper authorization checks, allowing authenticated users with low privileges to read sensitive database backup files. An attacker with a basic user account can access backups they should not be able to view, potentially exposing database contents including user credentials and private data. Update to a version newer than 6.0.
What an attacker can do
Read database backup files without proper authorization.
Potential impact on your site
User data and database contents in backups may be exposed to unauthorized site users.
Conditions required to exploit
Attacker needs a low-privilege user account on the site.
Key dates
External resources