CRITICAL🇵🇱 Wersja polska

CVE-2024-48237

CVSS 9.8v3.1pub. 2024-10-25upd. 2025-04-17

WTCMS 1.0 is vulnerable to Incorrect Access Control in \Common\Controller\HomebaseController.class.php.

🤖 AI Analysis
How it works

The vulnerability results from incorrect implementation of the access control mechanism in the HomebaseController.class.php controller, which belongs to the Common module of the WTCMS application. According to CWE-863 (Incorrect Authorization) classification, the system does not properly verify the permissions of the requester, allowing an unauthenticated attacker to perform operations reserved for authorized users. The attack vector is network-based and does not require any privileges or user interaction.

Impact

An attacker can gain unauthorized access to protected application resources, potentially leading to disclosure of sensitive data, modification of content, or takeover of system control (full impact on confidentiality, integrity, and availability according to CVSS vector).

Mitigation & patch

Patches available from the vendor should be applied according to references. It is recommended to monitor the bug report at https://github.com/taosir/wtcms/issues/15 and restrict access to the application at the firewall level until a patch is released.

Who is affected

WTCMS version 1.0 (Wtcms Project Wtcms)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Wtcms Project Wtcms

    APP
    Wtcms Project
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2019-8908CRITICAL9.8ten sam produkt

An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the...

CVE-2019-8910HIGH8.8ten sam produkt

An issue was discovered in WTCMS 1.0. It allows index.php?g=admin&m=setting&a=site_post CSRF.

CVE-2019-8909HIGH7.5ten sam produkt

An issue was discovered in WTCMS 1.0. It allows remote attackers to cause a denial of service (resource consum...

CVE-2018-10267HIGH8.8ten sam produkt

WTCMS 1.0 has a CSRF vulnerability to add an administrator account via the index.php?admin&m=user&a=add_post U...

CVE-2025-13782MEDIUM5.5ten sam produkt

A vulnerability was identified in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Affected by thi...