What the vulnerability does
01Description
Missing Authorization vulnerability in PenciDesign PenNews pennews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PenNews: from n/a through < 6.7.4.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
What the vulnerability does
Missing Authorization vulnerability in PenciDesign PenNews pennews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PenNews: from n/a through < 6.7.4.
Explanation of Vulnerability in Simple Terms
PenNews versions up to 6.7.4 lack proper authorization checks, allowing unauthenticated attackers to modify data on the site. An attacker can send network requests without credentials to alter content. No authentication or user interaction is required. Site administrators should update to a version newer than 6.7.4 as soon as available.
What an attacker can do
Modify site data without logging in or having any account.
Potential impact on your site
Unauthorized users can alter content, potentially defacing pages or corrupting data.
Conditions required to exploit
Network access to the site; no authentication required.
Key dates
External resources