Arbitrary Group ID Name Change Vulnerability in WoWonder v4.0.0

Arbitrary Group ID Name Change Vulnerability in WoWonder v4.0.0

CVE-2022-26254 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovered to contain an access control issue which allows unauthenticated attackers to arbitrarily change group ID names.

Learn more about our Network Penetration Testing.