What the vulnerability does
01Description
Contributor Local File Inclusion in SportsPress Pro <= 2.7.29 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Contributor Local File Inclusion in SportsPress Pro <= 2.7.29 versions.
Explanation of Vulnerability in Simple Terms
SportsPress Pro versions up to 2.7.29 contain a flaw that allows authenticated users with low privileges to read sensitive data, modify site content, or disrupt service. The vulnerability requires network access and specific conditions to exploit, but does not require user interaction. Site administrators should update immediately to a version newer than 2.7.29.
What an attacker can do
Read sensitive data, modify content, or disrupt the site's availability.
Potential impact on your site
Authenticated users can access confidential information, alter site data, or cause downtime.
Conditions required to exploit
Attacker must have a low-privilege account on the site; network access required.
Key dates
External resources
Related vulnerabilities