JhumanJ OpnForm Improper Access Control Vulnerability in Edit Function
Vulnerability
An improper access control vulnerability has been identified in JhumanJ OpnForm versions up to and including 1.9.3. The issue resides in the form '/edit' endpoint, where access to a form's editing data is not restricted to users who hold edit rights on that form. The flaw can be exploited remotely by any authenticated low-privileged user with read-only access, and exposes sensitive form settings such as the form password. This is an authorization (object-level access control) failure, not an authentication bypass: the attacker must already have an account with read-only access.
Impact
A low-privileged user with read-only access can request the '/edit' endpoint of a form and receive its full configuration, including the form's password and other settings intended only for editors. Because these values are returned to the client, the read-only user can read, copy and leak them. Any form password that a read-only user could have retrieved through an affected version should be considered exposed.
Reproduction
To reproduce this vulnerability, log in as a user who has only read-only access to a form, then request the '/edit' endpoint for that form. In an affected version the response includes the form's password and other editor-only settings, which a read-only user should never receive. To verify a fix, repeat the same request after upgrading and confirm that the password and other editor-only settings are no longer present in the response for the read-only user.
Remediation
Upgrade to JhumanJ OpnForm version 1.9.4 or later, where this vulnerability has been patched. Because affected versions may already have disclosed form passwords to read-only users, rotate the password on any form that read-only members could reach, and review read-only memberships in workspaces that host sensitive forms.
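The following is an added example, not OpnForm's own code, modelling the class of flaw described in the Impact and Reproduction sections and one way to close it. An "edit" representation of a form necessarily carries editor-only settings (the form password among them), so it must be served only to callers who can actually edit, while a read-only view strips those settings. The role names ("admin", "user", "readonly"), the membership table, the form fields and the set of sensitive settings are assumptions made for the demonstration. The `leaked_settings` helper is the check a tester would run over a captured response for a read-only session.

```python
# Added example (not OpnForm code): a minimal model of the '/edit' access-control
# flaw and a hardened version of the same endpoint. Roles, membership storage,
# form fields and the sensitive-settings list are assumptions for the demo.
from dataclasses import dataclass
from typing import Optional, Set

# Settings only an editor may see (assumed list for the demo).
SENSITIVE_SETTINGS = {"password", "notification_emails", "webhook_url"}

# Assumed role names: "admin" and "user" may edit, "readonly" may only view.
EDIT_ROLES = {"admin", "user"}
ALL_ROLES = EDIT_ROLES | {"readonly"}


class Forbidden(Exception):
    """Raised when the caller lacks the permission the endpoint requires."""


@dataclass(frozen=True)
class User:
    id: int


@dataclass(frozen=True)
class Form:
    id: int
    workspace_id: int
    title: str
    settings: dict  # includes the sensitive settings above


# (user_id, workspace_id) -> role. Constructed sample data for the demo.
MEMBERSHIPS = {
    (1, 10): "admin",
    (2, 10): "readonly",
}

# Constructed sample form; the password is a made-up secret.
SAMPLE_FORM = Form(
    id=42, workspace_id=10, title="Customer survey",
    settings={
        "password": "hunter2",
        "notification_emails": "owner@example.com",
        "webhook_url": "https://hooks.example.com/x",
        "closes_at": None,
    },
)


def role_of(user: User, form: Form) -> Optional[str]:
    """Role the user holds in the form's workspace, or None if not a member."""
    return MEMBERSHIPS.get((user.id, form.workspace_id))


def edit_view_vulnerable(user: User, form: Form) -> dict:
    """Pattern behind the bug: the handler only checks workspace membership,
    then serialises every setting, password included, for any member."""
    if role_of(user, form) not in ALL_ROLES:
        raise Forbidden("not a workspace member")
    return {"id": form.id, "title": form.title, **form.settings}


def edit_view_fixed(user: User, form: Form) -> dict:
    """Hardened handler: the edit representation is served only to callers
    who hold an editing role on the form's workspace."""
    if role_of(user, form) not in EDIT_ROLES:
        raise Forbidden("edit permission required")
    return {"id": form.id, "title": form.title, **form.settings}


def read_view(user: User, form: Form) -> dict:
    """What a read-only member should receive: the form minus editor-only settings."""
    if role_of(user, form) not in ALL_ROLES:
        raise Forbidden("not a workspace member")
    public = {k: v for k, v in form.settings.items() if k not in SENSITIVE_SETTINGS}
    return {"id": form.id, "title": form.title, **public}


def leaked_settings(response: dict) -> Set[str]:
    """Check to run over a captured response for a read-only session: the
    editor-only keys present in it (an empty set means nothing leaked)."""
    return SENSITIVE_SETTINGS & set(response)


def refuses(view, user: User, form: Form) -> bool:
    """True if the given view rejects the request with Forbidden."""
    try:
        view(user, form)
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    admin, viewer = User(1), User(2)
    print("vulnerable /edit leaks to viewer:", sorted(leaked_settings(edit_view_vulnerable(viewer, SAMPLE_FORM))))
    print("fixed /edit refuses viewer:", refuses(edit_view_fixed, viewer, SAMPLE_FORM))
    print("read view leaks:", sorted(leaked_settings(read_view(viewer, SAMPLE_FORM))))
    print("admin still gets the password:", "password" in edit_view_fixed(admin, SAMPLE_FORM))
```

Run the file directly to see the vulnerable handler hand the password to the read-only user while the fixed handler refuses the request and the read view returns nothing sensitive. The design point is that the permission check must match what the representation exposes: if an endpoint returns editor-only data, membership alone is not a sufficient check, regardless of what the client UI hides.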
