A vulnerability, which was classified as critical, was found in WoWonder. Affected is the file /requests.php which is responsible to handle group messages. The manipulation of the argument group_id allows posting messages in other groups. It is possible to launch the attack remotely but it might require authentication. A video explaining the attack has been disclosed to the public.
References
Link | Resource |
---|---|
https://vuldb.com/?id.199974 | Permissions Required Third Party Advisory |
https://www.youtube.com/watch?v=tIzOZtp2fxA | Exploit Third Party Advisory |
https://youtu.be/tIzOZtp2fxA | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: VulDB
Published: 2022-05-17T05:15:12
Updated: 2022-05-17T05:15:12
Reserved: 2022-05-17T00:00:00
Link: CVE-2022-1753
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-05-17T06:15:06.807
Modified: 2022-05-25T18:05:02.210
Link: CVE-2022-1753
JSON object: View
Redhat Information
No data.