Formwork CMS Role-Based Authorization Vulnerability in User Creation

Vulnerability

A privilege escalation vulnerability affects Formwork CMS versions 2.0.0 through 2.3.3. During account creation the application validates that the requested role exists, but it does not check whether the acting user is authorized to grant that role. The role a new account receives is therefore controlled by the requester rather than bounded by the requester's own privileges: an authenticated user with the editor role can create an account with the admin role and fully compromise the CMS.
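
The following is an added illustration, not code from Formwork CMS: a minimal model of the authorization gap described above, with the flawed check (role exists) beside a hardened one (role exists and the acting user may grant it). The role names, their privilege ranks, the rule that a user may grant only roles ranked no higher than their own, and the usernames are assumptions made for the example.

```python
# Added example, not Formwork's code. Models the role-assignment check that
# user creation should perform. Role names and ranks are assumptions.
from dataclasses import dataclass

# Hypothetical privilege ranks: a higher number means more privilege.
ROLES = {"user": 0, "editor": 1, "admin": 2}


@dataclass(frozen=True)
class User:
    username: str
    role: str


class AuthorizationError(PermissionError):
    """Raised when the acting user may not grant the requested role."""


def create_user_vulnerable(actor: User, username: str, role: str) -> User:
    """Mirrors the flawed logic: validates that the role exists, nothing more.

    The actor's own role is never consulted, so an editor can request admin.
    """
    if role not in ROLES:
        raise ValueError(f"unknown role: {role}")
    return User(username, role)


def can_assign_role(actor: User, role: str) -> bool:
    """Assumed policy: an actor may grant only roles ranked no higher than their own.

    Unknown actor roles or unknown target roles are denied (fail closed).
    """
    if actor.role not in ROLES or role not in ROLES:
        return False
    return ROLES[role] <= ROLES[actor.role]


def create_user_hardened(actor: User, username: str, role: str) -> User:
    """Checks the actor's authority over the requested role before creating it."""
    if role not in ROLES:
        raise ValueError(f"unknown role: {role}")
    if not can_assign_role(actor, role):
        raise AuthorizationError(
            f"{actor.username} ({actor.role}) may not assign role {role}"
        )
    return User(username, role)


def attempt(create, actor: User, username: str, role: str) -> str:
    """Runs a create function and reports the outcome as a comparable string."""
    try:
        return f"created:{create(actor, username, role).role}"
    except AuthorizationError:
        return "denied"
    except ValueError:
        return "invalid-role"


if __name__ == "__main__":
    editor = User("eve", "editor")  # constructed sample actor
    for name, fn in (("vulnerable", create_user_vulnerable),
                     ("hardened", create_user_hardened)):
        # The editor asks for an admin account in both cases.
        print(name, attempt(fn, editor, "mallory", "admin"))
```

The check that matters is the second one in `create_user_hardened`: validating that a role exists says nothing about who may hand it out, so the server must compare the requested role against the privileges of the authenticated actor, never against the request alone.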

Impact

An authenticated user with the editor role who exploits this vulnerability gains full control of the CMS: access to all site data and user information, the ability to change system configuration and security settings, and the ability to create, modify or delete any user account, including those of legitimate administrators.

Remediation

Upgrade to Formwork CMS version 2.3.4, which fixes this issue by enforcing authorization on role assignment during user creation. Until the upgrade is applied, review existing accounts for administrators that no legitimate administrator created.

Added: Feb 21, 2026, 6:22 AM
Updated: Feb 21, 2026, 6:22 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 4.0
remediation: 7.7
relevance: 3.3
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.