Incorrect permission assignment for critical resource vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows a remote unauthenticated attacker to access arbitrary files on the server and obtain sensitive information via unspecified vectors.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NGroupsession
APPGroupsession≤ 5.1.1
Related vulnerabilities
Cross-site request forgery vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession b...
Stored cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession ...
Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.3.0, GroupSession...
Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSessi...
In GroupSession, a Circular notice can be created with its memo field non-editable, but the authorization chec...