What the vulnerability does
01Description
Incorrect Privilege Assignment vulnerability in pebas CouponXxL couponxxl allows Privilege Escalation.This issue affects CouponXxL: from n/a through <= 3.0.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Incorrect Privilege Assignment vulnerability in pebas CouponXxL couponxxl allows Privilege Escalation.This issue affects CouponXxL: from n/a through <= 3.0.0.
Explanation of Vulnerability in Simple Terms
CouponXxL versions 3.0.0 and earlier contain a critical vulnerability that allows unauthenticated attackers to read sensitive data, modify site content, or disrupt service without any user interaction. The vulnerability stems from improper access control (CWE-266) and can be exploited remotely over the network. All users of affected versions should update immediately.
What an attacker can do
Read sensitive data, modify content, or disable the site without logging in or user interaction.
Potential impact on your site
Your site's data, functionality, and availability are at immediate risk from remote attackers.
Conditions required to exploit
Network access to the site; no authentication or user interaction required.
Key dates
External resources