Main Vulnerability Database Vulnerabilities #VU6786

#VU6786 Improper access control in Custom Landing Page Builder

Published: May 29, 2017 / Updated: May 29, 2017

Vulnerability identifier: #VU6786

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Custom Landing Page Builder

Software vendor:
zyxware

Description

The vulnerability allows a remote attacker to gain access to layout of the page.

The weakness exists due to improper access control. A remote attacker can use a WYSIWYG editor to build custom landing pages and edit the header, navigation, page content, footer, forms on the webpage.

Successful exploitation of the vulnerability may result in full control over the full layout of the page.

Remediation

Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.

External links

https://www.drupal.org/node/2881156

#VU6786 Improper access control in Custom Landing Page Builder

Description

Remediation

External links

Please verify you're human