First published: Sun Mar 27 2022(Updated: )
WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovered to contain an access control issue which allows unauthenticated attackers to arbitrarily change group ID names.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Wowonder Wowonder | =4.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2022-26254.
The severity level of CVE-2022-26254 is medium.
CVE-2022-26254 is an access control issue in WoWonder PHP Social Network Platform v4.0.0 that allows unauthenticated attackers to arbitrarily change group ID names.
Attackers can exploit CVE-2022-26254 by taking advantage of the access control issue to change group ID names without authentication.
Currently, there is no information available about a specific fix for CVE-2022-26254. It is recommended to follow the vendor's official announcements and apply any necessary security updates or patches.