CVE-2018-16704 – gleez/cms
Package
Manager: composer
Name: gleez/cms
Vulnerable Version: >=0 <=1.2.0
Severity
Level: Medium
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00153 (percentile 0.36658)
Details
Gleez CMS Vulnerability Allows Forced Browsing to Profile Page of Other Users
An issue was discovered in Gleez CMS v1.2.0. Because of an Insecure Direct Object Reference vulnerability, attackers (logged-in users) can view the profile pages of other users, as demonstrated by navigating to `user/3` on `demo.gleezcms.org`.
Metadata
Created: 2022-05-13T01:19:17Z
Modified: 2024-04-25T22:41:46Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hh92-wg7v-8vfr/GHSA-hh92-wg7v-8vfr.json
CWE IDs: ["CWE-639"]
Alternative ID: GHSA-hh92-wg7v-8vfr
Finding: F039
Auto approve: 1