Description
WoWonder The Ultimate PHP Social Network Platform was discovered to contain an broken access control. Affected is the file /requests.php which is responsible to handle group messages, the manipulation of the argument group_id allows posting messages in other groups.
Proof of Concept
Software Link
WoWonder - The Ultimate PHP Social Network Platform