What the vulnerability does
01Description
Incorrect Privilege Assignment vulnerability in LCweb PrivateContent allows Privilege Escalation. This issue affects PrivateContent: from n/a through 9.9.2.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Incorrect Privilege Assignment vulnerability in LCweb PrivateContent allows Privilege Escalation. This issue affects PrivateContent: from n/a through 9.9.2.
Explanation of Vulnerability in Simple Terms
PrivateContent versions up to 9.9.2 contain a critical vulnerability that allows unauthenticated attackers to read, modify, or delete data on the site without any user interaction. The vulnerability stems from improper privilege validation in the application. No authentication or special conditions are required to exploit this issue.
What an attacker can do
Read, modify, or delete any data on the site without logging in.
Potential impact on your site
Complete compromise of site data confidentiality, integrity, and availability without warning or authentication.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities