Ajax Dashboard
Monthly
Drupal AJAX Dashboard versions before 3.1.0 fail to enforce authentication on critical AJAX endpoints, allowing unauthenticated remote attackers to bypass access controls and invoke privileged dashboard functions. The vulnerability affects all versions from 0.0.0 through 3.1.0 (exclusive) and is categorized as a Missing Authentication for Critical Function (CWE-306). No public exploit code or active exploitation via CISA KEV has been confirmed at time of analysis, but the authentication bypass nature of this defect presents significant risk to installations relying on dashboard security.
Drupal AJAX Dashboard versions before 3.1.0 fail to enforce authentication on critical AJAX endpoints, allowing unauthenticated remote attackers to bypass access controls and invoke privileged dashboard functions. The vulnerability affects all versions from 0.0.0 through 3.1.0 (exclusive) and is categorized as a Missing Authentication for Critical Function (CWE-306). No public exploit code or active exploitation via CISA KEV has been confirmed at time of analysis, but the authentication bypass nature of this defect presents significant risk to installations relying on dashboard security.