Description

Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage.

Remediation

References

CVE-2023-5549

Related Vulnerabilities

WordPress Plugin BookX Local File Inclusion (1.7)

WordPress Plugin Ecwid Ecommerce Shopping Cart PHP Object Injection (4.4.3)

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4112)

Internet Information Services Other Vulnerability (CVE-1999-1538)

PHP Other Vulnerability (CVE-2000-0967)

Severity

Medium

Classification

CVE-2023-5549 CWE-269 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities