Vulnerabilities > CVE-2020-18741 - Unspecified vulnerability in Thinksaas 2.7

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

thinksaas

NVD

Published: 2021-07-08

Updated: 2024-11-21

Summary

Improper Authorization in ThinkSAAS v2.7 allows remote attackers to modify the description of any user's photo via the "photoid%5B%5D" and "photodesc%5B%5D" parameters in the component "index.php?app=photo."

Vulnerable Configurations

Part	Description	Count
Application	Thinksaas Thinksaas Thinksaas 2.7	1

References

https://github.com/thinksaas/ThinkSAAS/issues/19
https://github.com/thinksaas/ThinkSAAS/issues/19