Main Vulnerability Database Vulnerabilities #VU22767

#VU22767 Improper access control in Email Subscribers & Newsletters

Published: November 14, 2019

Vulnerability identifier: #VU22767

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Amber

CVE-ID: N/A

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Email Subscribers & Newsletters

Software vendor:
icegram

Description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote authenticated user with subscriber and above access can bypass implemented security restrictions and send test emails on behalf of the site owner.

Remediation

Install updates from vendor's website.

External links

https://www.wordfence.com/blog/2019/11/multiple-vulnerabilities-patched-in-email-subscribers-newslet...

#VU22767 Improper access control in Email Subscribers & Newsletters

Description

Remediation

External links

Please verify you're human