Filtered by vendor Lavalite
Subscriptions
Filtered by product Cms
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-70866 | 1 Lavalite | 2 Cms, Lavalite | 2026-02-19 | 8.8 High |
| LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges (User role) can directly access the admin backend by logging in through /admin/login. The vulnerability exists because the admin and user authentication guards share the same user provider without role-based access control verification. | ||||
Page 1 of 1.