WoWonder - Broken Access Control (CVE-2022-26254)

Description

WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovered to contain an access control issue which allows unauthenticated attackers to arbitrarily change group name by manipulation of value the argument group_id.

Proof of Concept

https://youtu.be/b665r1ZfCg4

Software Link

WoWonder - The Ultimate PHP Social Network Platform

References

CVE-2022-26254
Vuldb