Vulnerabilities > CVE-2023-28698 - Incorrect Authorization vulnerability in Wddgroup Fantsy 2.1.8

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

wddgroup

CWE-863

critical

NVD

Published: 2023-06-02

Updated: 2023-06-09

Summary

Wade Graphic Design FANTSY has a vulnerability of insufficient authorization check. An unauthenticated remote user can exploit this vulnerability by modifying URL parameters to gain administrator privileges to perform arbitrary system operation or disrupt service.

Vulnerable Configurations

Part	Description	Count
Application	Wddgroup Wddgroup Fantsy 2.1.8	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://www.twcert.org.tw/tw/cp-132-7101-f88db-1.html