An issue was discovered in Gleez CMS v1.2.0. Because of an Insecure Direct Object Reference vulnerability, it is possible for attackers (logged in users) to view profile page of other users, as demonstrated by navigating to user/3 on demo.gleezcms.org.
References
Link | Resource |
---|---|
https://github.com/gleez/cms/issues/801 | Mitigation Third Party Advisory |
https://github.com/gleez/cms/issues/801 | Mitigation Third Party Advisory |
Configurations
History
21 Nov 2024, 03:53
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/gleez/cms/issues/801 - Mitigation, Third Party Advisory |
Information
Published : 2018-09-07 17:29
Updated : 2024-11-21 03:53
NVD link : CVE-2018-16704
Mitre link : CVE-2018-16704
CVE.ORG link : CVE-2018-16704
JSON object : View
Products Affected
gleeztech
- gleezcms
CWE
CWE-639
Authorization Bypass Through User-Controlled Key