Uipress Lite
Monthly
UiPress Lite versions through 3.5.09 contain a missing authorization vulnerability (CWE-862) that allows authenticated users to exploit incorrectly configured access control security levels, enabling privilege escalation or unauthorized resource access. An attacker with low-level user credentials can bypass authorization checks to access or modify functionality restricted to higher-privilege roles. The vulnerability has a CVSS score of 6.3 with network-based attack vector requiring only low privileges, indicating moderate real-world exploitability.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bởi Admin 2020 UiPress lite allows SQL Injection.4.06. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
UiPress Lite versions through 3.5.09 contain a missing authorization vulnerability (CWE-862) that allows authenticated users to exploit incorrectly configured access control security levels, enabling privilege escalation or unauthorized resource access. An attacker with low-level user credentials can bypass authorization checks to access or modify functionality restricted to higher-privilege roles. The vulnerability has a CVSS score of 6.3 with network-based attack vector requiring only low privileges, indicating moderate real-world exploitability.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bởi Admin 2020 UiPress lite allows SQL Injection.4.06. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.