What the vulnerability does
01Description
Missing Authorization vulnerability in SMTP2GO SMTP2GO smtp2go allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SMTP2GO: from n/a through <= 1.12.1.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
What the vulnerability does
Missing Authorization vulnerability in SMTP2GO SMTP2GO smtp2go allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SMTP2GO: from n/a through <= 1.12.1.
Explanation of Vulnerability in Simple Terms
SMTP2GO versions up to 1.12.1 lack proper authorization checks, allowing authenticated users to modify data they should not have access to. An attacker with low-privilege account credentials can alter settings or content without proper permission validation. The vulnerability has low integrity impact and requires valid login credentials to exploit.
What an attacker can do
Modify data or settings they should not have permission to change.
Potential impact on your site
Authenticated users can alter configuration or content beyond their intended access level.
Conditions required to exploit
Valid login credentials with low-level account privileges.
Key dates
External resources