What the vulnerability does
01Description
Missing Authorization vulnerability in NinjaTeam FileBird Pro filebird-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FileBird Pro: from n/a through <= 6.5.1.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
What the vulnerability does
Missing Authorization vulnerability in NinjaTeam FileBird Pro filebird-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FileBird Pro: from n/a through <= 6.5.1.
Explanation of Vulnerability in Simple Terms
FileBird Pro versions up to 6.5.1 lack proper authorization checks, allowing authenticated users to modify or delete files and folders they should not have access to. An attacker with a low-privilege account can escalate their capabilities within the file management system. The vulnerability affects the integrity and availability of stored files.
What an attacker can do
Modify or delete files and folders beyond their assigned permissions.
Potential impact on your site
Unauthorized file modifications or deletions by low-privilege users; potential data loss or site disruption.
Conditions required to exploit
Attacker must have a low-privilege user account on the site.
Key dates
External resources