[CVE-2022-1753] WoWonder - Broken Access Control

Description

WoWonder The Ultimate PHP Social Network Platform was discovered to contain an broken access control. Affected is the file /requests.php which is responsible to handle group messages, the manipulation of the argument group_id allows posting messages in other groups.

Proof of Concept

References