Missing Authorization Flaw in Mojoomla School Management by Mojoomla
CVE-2025-48108
6.5MEDIUM
What is CVE-2025-48108?
A missing authorization vulnerability in Mojoomla School Management allows attackers to exploit incorrectly configured access control security levels. This insecurity enables unauthorized access to sensitive functions or data, primarily affecting versions prior to and including 93.2.0. Ensuring proper access levels and security configurations is critical to prevent exploitation of this vulnerability.
Affected Version(s)
School Management <= 93.2.0
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Nguyen Kim Sang | HPT Vietnam (Patchstack Bug Bounty program)