Missing Authorization in Eniture Technology Distance Based Shipping Calculator
CVE-2025-26764
6.5MEDIUM
Key Information:
- Vendor
- Enituretechnology
- Status
- Distance Based Shipping Calculator
- Vendor
- CVE Published:
- 22 February 2025
Summary
A missing authorization vulnerability in the Eniture Technology Distance Based Shipping Calculator allows attackers to exploit incorrectly configured access control security levels. This issue can lead to unauthorized access, posing a significant risk to users. The vulnerability affects all versions up to 2.0.22, making it essential for administrators to review their settings and ensure proper access control measures are implemented.
Affected Version(s)
Distance Based Shipping Calculator <= 2.0.22
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Mika (Patchstack Alliance)