GHSA-qxh3-jgvh-x55j: 
PHP vulnerability analysis and mitigation

A privilege escalation vulnerability was identified in Connect-CMS (GHSA-qxh3-jgvh-x55j), discovered and published on July 3, 2023. The vulnerability affects Connect-CMS versions 1.7.1, 2.3.1 and earlier. This security issue was assigned a moderate severity rating with a CVSS score of 4.3 (GitHub Advisory).

The vulnerability has been assessed with the following CVSS v3.1 metrics: Network attack vector, Low attack complexity, No privileges required, User interaction required, Unchanged scope, Low confidentiality impact, and No impact on integrity or availability. The complete CVSS string is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N (GitHub Advisory).

The vulnerability affects the management system of Connect-CMS, potentially allowing privilege escalation. The impact is primarily focused on confidentiality with a low severity rating, while there are no reported impacts on system integrity or availability (GitHub Advisory).

The vulnerability has been patched in Connect-CMS versions 1.7.2 and 2.3.2. Users are advised to upgrade to the latest version of Connect-CMS as the primary mitigation strategy (GitHub Advisory).