First published: Tue May 17 2022(Updated: )
A vulnerability, which was classified as critical, was found in WoWonder. Affected is the file /requests.php which is responsible to handle group messages. The manipulation of the argument group_id allows posting messages in other groups. It is possible to launch the attack remotely but it might require authentication. A video explaining the attack has been disclosed to the public.
Credit: cna@vuldb.com
Affected Software | Affected Version | How to fix |
---|---|---|
Wowonder Wowonder |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2022-1753 is medium.
CVE-2022-1753 affects WoWonder by allowing the manipulation of the group_id argument which can lead to unauthorized posting of messages in other groups.
Yes, the attack for CVE-2022-1753 can be launched remotely.
The software affected by CVE-2022-1753 is Wowonder.
To fix CVE-2022-1753, it is recommended to apply the latest security patch provided by Wowonder.