CVE-2025-68850
Unknown
Unknown - Not Provided
Missing Authorization in Codepeople Sell Downloads Allows Unauthorized Access
Publication date: 2026-01-05
Last updated on: 2026-04-29
Assigner: Patchstack
Description
Description
Missing Authorization vulnerability in codepeople Sell Downloads sell-downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sell Downloads: from n/a through <= 1.1.12.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| codepeople | sell_downloads | From 1.0.0 (inc) to 1.1.12 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Missing Authorization issue in Codepeople Sell Downloads, where incorrectly configured access control security levels allow unauthorized exploitation. It affects versions up to 1.1.12.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access to sensitive data or functionality since it allows exploitation due to missing authorization checks. According to the CVSS score, it has a high impact on confidentiality but does not affect integrity or availability.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70