This vulnerability in UnitechPay involves missing authorization controls due to misconfigured access control security levels. It affects versions up to 1.0.2 and allows unauthorized users to perform actions that could alter system integrity. The CVSS score of 5.3 indicates a medium severity impact with network attack vector, low attack complexity, no privileges required, and no user interaction needed. There is no vendor advisory or patch information currently available, and the product is not a cloud service, so remediation depends on vendor updates.

The vulnerability allows unauthorized modification of data or system state (integrity impact) without requiring privileges or user interaction. There is no confidentiality or availability impact reported. Exploitation could lead to unauthorized changes within the UnitechPay system, potentially affecting transaction integrity or related processes.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or temporary workaround is documented, users should monitor vendor communications for updates. Until a patch is available, restricting access to the affected UnitechPay versions and reviewing access control configurations may reduce risk.