What the vulnerability does
01Description
Unauthenticated Broken Access Control in Business Directory <= 6.4.23 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
What the vulnerability does
Unauthenticated Broken Access Control in Business Directory <= 6.4.23 versions.
Explanation of Vulnerability in Simple Terms
Business Directory versions up to 6.4.23 lack proper authorization checks, allowing unauthenticated attackers to modify data on the site. An attacker can send network requests without logging in to alter or delete directory entries. The vulnerability affects data integrity and availability but does not expose sensitive information.
What an attacker can do
Modify or delete directory entries without logging in.
Potential impact on your site
Directory data can be altered or removed by anyone on the internet without permission.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources