#VU6786 Improper access control in Custom Landing Page Builder
Published: May 29, 2017 / Updated: May 29, 2017
Vulnerability identifier: #VU6786
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Custom Landing Page Builder
Custom Landing Page Builder
Software vendor:
zyxware
zyxware
Description
The vulnerability allows a remote attacker to gain access to layout of the page.
The weakness exists due to improper access control. A remote attacker can use a WYSIWYG editor to build custom landing pages and edit the header, navigation, page content, footer, forms on the webpage.
Successful exploitation of the vulnerability may result in full control over the full layout of the page.
Remediation
Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.