What the vulnerability does
01Description
Incorrect Privilege Assignment vulnerability in LazyCoders LLC LazyTasks lazytasks-project-task-management allows Privilege Escalation.This issue affects LazyTasks: from n/a through <= 1.2.37.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Incorrect Privilege Assignment vulnerability in LazyCoders LLC LazyTasks lazytasks-project-task-management allows Privilege Escalation.This issue affects LazyTasks: from n/a through <= 1.2.37.
Explanation of Vulnerability in Simple Terms
LazyTasks versions 1.2.37 and earlier contain a critical vulnerability that allows unauthenticated attackers to read sensitive data, modify site content, and disrupt service availability. The vulnerability requires no user interaction and can be exploited remotely over the network. All installations of affected versions should be updated immediately.
What an attacker can do
Read sensitive data, modify content, and disable the site without authentication.
Potential impact on your site
Complete compromise of LazyTasks functionality and data; attackers can access, modify, or delete information.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities