What the vulnerability does
01Description
Missing Authorization vulnerability in GoodLayers Modernize modernize allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Modernize: from n/a through <= 3.4.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
What the vulnerability does
Missing Authorization vulnerability in GoodLayers Modernize modernize allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Modernize: from n/a through <= 3.4.0.
Explanation of Vulnerability in Simple Terms
Modernize by GoodLayers versions 3.4.0 and earlier lack proper authorization checks on certain functions. A logged-in user with low privileges can modify data they should not have access to. The vulnerability does not affect confidentiality or availability, only data integrity. Update to a version newer than 3.4.0.
What an attacker can do
A low-privilege logged-in user can modify data they should not have permission to change.
Potential impact on your site
Unauthorized users may alter site content or settings they should not be able to modify.
Conditions required to exploit
Attacker must have a valid user account with low privileges on the site.
Key dates
External resources
Related vulnerabilities