8.1
CVE-2026-32300
- EPSS 0.03%
- Veröffentlicht 23.03.2026 21:40:59
- Zuletzt bearbeitet 24.03.2026 20:40:41
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginConnect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Versions 1.41.1 and 2.41.1 contain a patch.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Opensource-workshop ≫ Connect-cms Version >= 1.0.0 < 1.41.1
Opensource-workshop ≫ Connect-cms Version >= 2.0.0 < 2.41.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.095 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
|
CWE-285 Improper Authorization
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CWE-639 Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.