WTCMS 1.0 is vulnerable to Incorrect Access Control in \Common\Controller\HomebaseController.class.php.
The vulnerability results from incorrect implementation of the access control mechanism in the HomebaseController.class.php controller, which belongs to the Common module of the WTCMS application. According to CWE-863 (Incorrect Authorization) classification, the system does not properly verify the permissions of the requester, allowing an unauthenticated attacker to perform operations reserved for authorized users. The attack vector is network-based and does not require any privileges or user interaction.
An attacker can gain unauthorized access to protected application resources, potentially leading to disclosure of sensitive data, modification of content, or takeover of system control (full impact on confidentiality, integrity, and availability according to CVSS vector).
Patches available from the vendor should be applied according to references. It is recommended to monitor the bug report at https://github.com/taosir/wtcms/issues/15 and restrict access to the application at the firewall level until a patch is released.
WTCMS version 1.0 (Wtcms Project Wtcms)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HWtcms Project Wtcms
APPWtcms Project1.0
Related vulnerabilities
An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the...
An issue was discovered in WTCMS 1.0. It allows index.php?g=admin&m=setting&a=site_post CSRF.
An issue was discovered in WTCMS 1.0. It allows remote attackers to cause a denial of service (resource consum...
WTCMS 1.0 has a CSRF vulnerability to add an administrator account via the index.php?admin&m=user&a=add_post U...
A vulnerability was identified in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Affected by thi...