GHSA-hh92-wg7v-8vfr

Source
https://github.com/advisories/GHSA-hh92-wg7v-8vfr
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hh92-wg7v-8vfr/GHSA-hh92-wg7v-8vfr.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-hh92-wg7v-8vfr
Aliases
  • CVE-2018-16704
Published
2022-05-13T01:19:17Z
Modified
2024-04-25T22:56:48.260009Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Gleez CMS Vulnerability Allows Forced Browsing to Profile Page of Other Users
Details

An issue was discovered in Gleez CMS v1.2.0. Because of an Insecure Direct Object Reference vulnerability, attackers (logged-in users) can view the profile pages of other users, as demonstrated by navigating to user/3 on demo.gleezcms.org.

Database specific
{
    "nvd_published_at": "2018-09-07T17:29:00Z",
    "cwe_ids": [
        "CWE-639"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-25T22:41:46Z"
}

Affected packages

Packagist / gleez/cms

Package

Name
gleez/cms
Purl
pkg:composer/gleez/cms

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
1.2.0