What the vulnerability does
01Description
Incorrect Privilege Assignment vulnerability in e-plugins Final User final-user allows Privilege Escalation.This issue affects Final User: from n/a through <= 1.2.5.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Incorrect Privilege Assignment vulnerability in e-plugins Final User final-user allows Privilege Escalation.This issue affects Final User: from n/a through <= 1.2.5.
Explanation of Vulnerability in Simple Terms
Final User versions 1.2.5 and earlier contain an improper access control vulnerability that allows authenticated users to read, modify, or delete data they should not have access to. The flaw requires a valid user account but no additional user interaction. An attacker with low-privilege credentials can escalate their capabilities within the application to access sensitive information or disrupt service.
What an attacker can do
Read, modify, or delete data belonging to other users or the application.
Potential impact on your site
Unauthorized data access, modification, or deletion by authenticated users; potential data breach or service disruption.
Conditions required to exploit
Valid user account with low-level privileges; network access to the application.
Key dates
External resources
Related vulnerabilities