E2pdf
Monthly
E2Pdf versions through 1.28.15 contain a missing authorization vulnerability that allows authenticated users to modify data they should not have access to due to incorrectly configured access control security levels. An attacker with low-level user privileges can exploit this via network access without user interaction to escalate their capabilities and modify unauthorized PDF-related resources. While the CVSS score of 4.3 is moderate and integrity impact is low, the vulnerability represents a classic authorization bypass that could allow privilege escalation or lateral movement within multi-user E2Pdf deployments.
E2Pdf versions through 1.28.15 contain a missing authorization vulnerability that allows authenticated users to modify data they should not have access to due to incorrectly configured access control security levels. An attacker with low-level user privileges can exploit this via network access without user interaction to escalate their capabilities and modify unauthorized PDF-related resources. While the CVSS score of 4.3 is moderate and integrity impact is low, the vulnerability represents a classic authorization bypass that could allow privilege escalation or lateral movement within multi-user E2Pdf deployments.