What the vulnerability does
01Description
The vulnerability in the Tassos Framework Plugin allows users to delete arbitrary files on the affected sites.
CVSS base score
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/AU:Y
What the vulnerability does
The vulnerability in the Tassos Framework Plugin allows users to delete arbitrary files on the affected sites.
Explanation of Vulnerability in Simple Terms
The Novarain/Tassos Framework contains an access control flaw that allows attackers to modify or delete data without proper authorization. The vulnerability affects versions 1.0.0 through 6.0.1. An attacker with network access can exploit this to alter site content or disable functionality. Site administrators should update to a patched version when available.
What an attacker can do
Modify or delete site data and settings without authorization.
Potential impact on your site
Attackers can alter or destroy site content, settings, and functionality without your permission.
Conditions required to exploit
Network access to the site; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities