What the vulnerability does
01Description
Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
What the vulnerability does
Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions.
Explanation of Vulnerability in Simple Terms
ReviewX versions up to 2.3.6 contain an authentication bypass vulnerability that allows unauthenticated attackers to modify data on the site. The vulnerability stems from improper authentication checks in a critical function. No user interaction is required to exploit this issue. Update to version 2.3.7 or later.
What an attacker can do
Modify site data without logging in or providing credentials.
Potential impact on your site
Attackers can alter or corrupt data in ReviewX without any account, potentially affecting reviews, ratings, or other stored information.
Conditions required to exploit
Network access to the ReviewX installation; no authentication required.
Key dates
External resources
Related vulnerabilities