What the vulnerability does
01Description
Missing Authorization vulnerability in Bob Watu Quiz watu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Watu Quiz: from n/a through <= 3.4.5.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
What the vulnerability does
Missing Authorization vulnerability in Bob Watu Quiz watu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Watu Quiz: from n/a through <= 3.4.5.
Explanation of Vulnerability in Simple Terms
Watu Quiz versions 3.4.5 and earlier lack proper authorization checks, allowing authenticated users to modify quiz data they should not have access to. An attacker with a low-privilege account can alter quiz content, answers, or settings without permission. The vulnerability requires login credentials but does not affect data confidentiality or system availability.
What an attacker can do
Modify quiz content, answers, or settings belonging to other users or administrators.
Potential impact on your site
Quiz integrity compromised; users may see altered questions, answers, or scoring rules without admin knowledge.
Conditions required to exploit
Attacker must have a valid low-privilege user account on the site.
Key dates
External resources
Related vulnerabilities