CWE-266
AllowedIncorrect Privilege Assignment
Abstraction: Base · Status: Draft
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
1913 vulnerabilities reference this CWE, most recent first.
GHSA-J646-J4CF-JJ5H
Vulnerability from github – Published: 2025-05-23 15:31 – Updated: 2026-04-01 18:35Incorrect Privilege Assignment vulnerability in pebas CouponXL allows Privilege Escalation. This issue affects CouponXL: from n/a through 4.5.0.
{
"affected": [],
"aliases": [
"CVE-2025-39489"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-23T13:15:30Z",
"severity": "CRITICAL"
},
"details": "Incorrect Privilege Assignment vulnerability in pebas CouponXL allows Privilege Escalation. This issue affects CouponXL: from n/a through 4.5.0.",
"id": "GHSA-j646-j4cf-jj5h",
"modified": "2026-04-01T18:35:14Z",
"published": "2025-05-23T15:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39489"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/theme/couponxl/vulnerability/wordpress-couponxl-4-5-0-privilege-escalation-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J6M2-HPV6-29C4
Vulnerability from github – Published: 2026-06-01 06:30 – Updated: 2026-06-01 06:30A vulnerability has been found in nextlevelbuilder GoClaw up to 3.11.3. This affects the function auth of the file internal/http/evolution_handlers.go. Such manipulation leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The project tagged the reported issue as bug.
{
"affected": [],
"aliases": [
"CVE-2026-10218"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-01T04:16:20Z",
"severity": "LOW"
},
"details": "A vulnerability has been found in nextlevelbuilder GoClaw up to 3.11.3. This affects the function auth of the file internal/http/evolution_handlers.go. Such manipulation leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The project tagged the reported issue as bug.",
"id": "GHSA-j6m2-hpv6-29c4",
"modified": "2026-06-01T06:30:25Z",
"published": "2026-06-01T06:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10218"
},
{
"type": "WEB",
"url": "https://github.com/nextlevelbuilder/goclaw/issues/1120"
},
{
"type": "WEB",
"url": "https://github.com/nextlevelbuilder/goclaw"
},
{
"type": "WEB",
"url": "https://vuldb.com/cve/CVE-2026-10218"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/821938"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/367497"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/367497/cti"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-J6Q4-MVCW-HPGM
Vulnerability from github – Published: 2026-01-19 09:30 – Updated: 2026-02-23 09:31A vulnerability was identified in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /admin/add-subadmins.php of the component Add Sub-Admin Page. Such manipulation leads to improper authorization. The attack can be launched remotely. The exploit is publicly available and might be used.
{
"affected": [],
"aliases": [
"CVE-2026-1141"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-19T07:16:22Z",
"severity": "MODERATE"
},
"details": "A vulnerability was identified in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /admin/add-subadmins.php of the component Add Sub-Admin Page. Such manipulation leads to improper authorization. The attack can be launched remotely. The exploit is publicly available and might be used.",
"id": "GHSA-j6q4-mvcw-hpgm",
"modified": "2026-02-23T09:31:21Z",
"published": "2026-01-19T09:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1141"
},
{
"type": "WEB",
"url": "https://github.com/Asim-QAZi/BrokenAccessControl-News-Portal-Project-in-PHP-and-MySQL-in-PHPGurukul"
},
{
"type": "WEB",
"url": "https://phpgurukul.com"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.341733"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.341733"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.735483"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.736668"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-J79V-M8QF-H9JX
Vulnerability from github – Published: 2025-09-26 00:31 – Updated: 2025-09-26 00:31A weakness has been identified in JeecgBoot up to 3.8.2. The impacted element is an unknown function of the file /sys/role/exportXls. This manipulation causes improper authorization. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-10979"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-25T23:15:48Z",
"severity": "MODERATE"
},
"details": "A weakness has been identified in JeecgBoot up to 3.8.2. The impacted element is an unknown function of the file /sys/role/exportXls. This manipulation causes improper authorization. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-j79v-m8qf-h9jx",
"modified": "2025-09-26T00:31:19Z",
"published": "2025-09-26T00:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10979"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.325850"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.325850"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.653337"
},
{
"type": "WEB",
"url": "https://www.cnblogs.com/aibot/p/19063353"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-J7J8-2M3C-HF7J
Vulnerability from github – Published: 2026-03-25 18:31 – Updated: 2026-03-26 21:31Incorrect Privilege Assignment vulnerability in Andrew Munro / AffiliateWP RewardsWP rewardswp allows Privilege Escalation.This issue affects RewardsWP: from n/a through <= 1.0.4.
{
"affected": [],
"aliases": [
"CVE-2026-32520"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-25T17:17:04Z",
"severity": "CRITICAL"
},
"details": "Incorrect Privilege Assignment vulnerability in Andrew Munro / AffiliateWP RewardsWP rewardswp allows Privilege Escalation.This issue affects RewardsWP: from n/a through \u003c= 1.0.4.",
"id": "GHSA-j7j8-2m3c-hf7j",
"modified": "2026-03-26T21:31:25Z",
"published": "2026-03-25T18:31:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32520"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/rewardswp/vulnerability/wordpress-rewardswp-plugin-1-0-4-privilege-escalation-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J824-HJ46-XVFV
Vulnerability from github – Published: 2026-06-05 18:31 – Updated: 2026-06-05 18:31A vulnerability has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected is an unknown function of the file dashboard_page/admin_page.php of the component Admin Interface. The manipulation of the argument UserAuthData leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.
{
"affected": [],
"aliases": [
"CVE-2026-11336"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-05T16:16:41Z",
"severity": "LOW"
},
"details": "A vulnerability has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected is an unknown function of the file dashboard_page/admin_page.php of the component Admin Interface. The manipulation of the argument UserAuthData leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.",
"id": "GHSA-j824-hj46-xvfv",
"modified": "2026-06-05T18:31:39Z",
"published": "2026-06-05T18:31:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11336"
},
{
"type": "WEB",
"url": "https://github.com/tittuvarghese/CollegeManagementSystem/issues/5"
},
{
"type": "WEB",
"url": "https://github.com/tittuvarghese/CollegeManagementSystem"
},
{
"type": "WEB",
"url": "https://vuldb.com/cve/CVE-2026-11336"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/832582"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/368874"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/368874/cti"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-J8J8-V88W-QCP9
Vulnerability from github – Published: 2025-10-22 15:31 – Updated: 2026-01-20 15:31Incorrect Privilege Assignment vulnerability in bPlugins Voice Feedback voice-feedback allows Privilege Escalation.This issue affects Voice Feedback: from n/a through <= 1.0.3.
{
"affected": [],
"aliases": [
"CVE-2025-62007"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-22T15:16:02Z",
"severity": "HIGH"
},
"details": "Incorrect Privilege Assignment vulnerability in bPlugins Voice Feedback voice-feedback allows Privilege Escalation.This issue affects Voice Feedback: from n/a through \u003c= 1.0.3.",
"id": "GHSA-j8j8-v88w-qcp9",
"modified": "2026-01-20T15:31:31Z",
"published": "2025-10-22T15:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62007"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/voice-feedback/vulnerability/wordpress-voice-feedback-plugin-1-0-3-privilege-escalation-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/voice-feedback/vulnerability/wordpress-voice-feedback-plugin-1-0-3-privilege-escalation-vulnerability"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/voice-feedback/vulnerability/wordpress-voice-feedback-plugin-1-0-3-privilege-escalation-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J98C-59P5-F6GQ
Vulnerability from github – Published: 2026-03-16 15:30 – Updated: 2026-03-16 15:30A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element is the function cgi_set_wto of the file /cgi-bin/system_mgr.cgi. Performing a manipulation results in improper access controls. Remote exploitation of the attack is possible. The exploit is now public and may be used.
{
"affected": [],
"aliases": [
"CVE-2026-4194"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-16T14:20:03Z",
"severity": "MODERATE"
},
"details": "A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element is the function cgi_set_wto of the file /cgi-bin/system_mgr.cgi. Performing a manipulation results in improper access controls. Remote exploitation of the attack is possible. The exploit is now public and may be used.",
"id": "GHSA-j98c-59p5-f6gq",
"modified": "2026-03-16T15:30:45Z",
"published": "2026-03-16T15:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4194"
},
{
"type": "WEB",
"url": "https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_96/96.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.351106"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.351106"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.769853"
},
{
"type": "WEB",
"url": "https://www.dlink.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-J9G6-3RJM-J8F4
Vulnerability from github – Published: 2026-06-15 03:30 – Updated: 2026-06-15 03:30A flaw has been found in IObit Malware Fighter up to 13.2.0. Affected by this vulnerability is an unknown functionality of the component DLL Handler. This manipulation causes permission issues. The attack requires local access. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2026-12201"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-15T01:16:25Z",
"severity": "LOW"
},
"details": "A flaw has been found in IObit Malware Fighter up to 13.2.0. Affected by this vulnerability is an unknown functionality of the component DLL Handler. This manipulation causes permission issues. The attack requires local access. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-j9g6-3rjm-j8f4",
"modified": "2026-06-15T03:30:32Z",
"published": "2026-06-15T03:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12201"
},
{
"type": "WEB",
"url": "https://github.com/nasawyer7/IObitDriverav"
},
{
"type": "WEB",
"url": "https://nathan2.com/posts/iobit"
},
{
"type": "WEB",
"url": "https://vuldb.com/cve/CVE-2026-12201"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/829913"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/370844"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/370844/cti"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-JCG7-H3PF-WRM2
Vulnerability from github – Published: 2025-06-26 18:31 – Updated: 2025-06-27 15:31A vulnerability, which was classified as problematic, was found in linlinjava litemall 1.8.0. Affected is an unknown function of the file /wx/comment/post. The manipulation of the argument adminComment leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-6702"
],
"database_specific": {
"cwe_ids": [
"CWE-266",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-26T16:15:38Z",
"severity": "MODERATE"
},
"details": "A vulnerability, which was classified as problematic, was found in linlinjava litemall 1.8.0. Affected is an unknown function of the file /wx/comment/post. The manipulation of the argument adminComment leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-jcg7-h3pf-wrm2",
"modified": "2025-06-27T15:31:22Z",
"published": "2025-06-26T18:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6702"
},
{
"type": "WEB",
"url": "https://ctf-n0el4kls.notion.site/Litemall-Mass-Assignment-Vulnerability-in-wx-comment-post-21441990f447808b86d1cb15e37ecae9"
},
{
"type": "WEB",
"url": "https://ctf-n0el4kls.notion.site/Litemall-Mass-Assignment-Vulnerability-in-wx-comment-post-21441990f447808b86d1cb15e37ecae9?source=copy_link"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.313968"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.313968"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.597473"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
No CAPEC attack patterns related to this CWE.