CVE-2018-16704

An issue was discovered in Gleez CMS v1.2.0. Because of an Insecure Direct Object Reference vulnerability, it is possible for attackers (logged in users) to view profile page of other users, as demonstrated by navigating to user/3 on demo.gleezcms.org.
References
Link Resource
https://github.com/gleez/cms/issues/801 Mitigation Third Party Advisory
https://github.com/gleez/cms/issues/801 Mitigation Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:gleeztech:gleezcms:1.3.0:*:*:*:*:*:*:*

History

21 Nov 2024, 03:53

Type Values Removed Values Added
References () https://github.com/gleez/cms/issues/801 - Mitigation, Third Party Advisory () https://github.com/gleez/cms/issues/801 - Mitigation, Third Party Advisory

Information

Published : 2018-09-07 17:29

Updated : 2024-11-21 03:53


NVD link : CVE-2018-16704

Mitre link : CVE-2018-16704

CVE.ORG link : CVE-2018-16704


JSON object : View

Products Affected

gleeztech

  • gleezcms
CWE
CWE-639

Authorization Bypass Through User-Controlled Key