What the vulnerability does
01Description
Missing Authorization vulnerability in pankaj.sakaria CMS Blocks cms-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CMS Blocks: from n/a through <= 1.1.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
What the vulnerability does
Missing Authorization vulnerability in pankaj.sakaria CMS Blocks cms-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CMS Blocks: from n/a through <= 1.1.
Explanation of Vulnerability in Simple Terms
CMS Blocks versions 1.1 and earlier lack proper authorization checks, allowing authenticated users to read sensitive data they should not access. An attacker with a low-privilege account can view confidential information without modifying or disrupting the site. The vulnerability affects all versions from release through 1.1.
What an attacker can do
Read sensitive data belonging to other users or restricted areas of the site.
Potential impact on your site
User data and confidential information may be exposed to authenticated attackers with limited permissions.
Conditions required to exploit
Attacker must have a low-privilege account on the site; no user interaction required.
Key dates
External resources