What the vulnerability does
01 Description
Missing Authorization vulnerability in MDJM Mobile DJ Manager mobile-dj-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mobile DJ Manager: from n/a through <= 1.7.8.3.
Explanation of Vulnerability in Simple Terms
02 Summary
Mobile DJ Manager versions up to 1.7.8.3 lack proper authorization checks, allowing authenticated users with low privileges to read, modify, or delete data they should not access. An attacker with a basic user account can perform actions restricted to administrators or other users without additional verification. This affects confidentiality, integrity, and availability of site data.
What an attacker can do
03 Attacker Capabilities
Read, modify, or delete data belonging to other users or administrators without proper authorization.
Potential impact on your site
04 Site Impact
Unauthorized users can access sensitive booking, client, or configuration data and make unauthorized changes to your DJ management system.
Conditions required to exploit
05 Prerequisites
The attacker must have a low-privilege user account on the site; no additional user interaction is required.
Key dates
06 Disclosure timeline
June 27, 2025: CVE published
May 12, 2026: Record updated