Описание
Insecure Direct Object Reference in extension "Content Consent" (content_consent)
The extension fails to verify whether a specified content element identifier is permitted by the plugin. This enables an unauthenticated user to display various content elements, leading to an insecure direct object reference (IDOR) vulnerability with the potential to expose internal content elements.
Пакеты
Наименование
t3s/content-consent
composer
Затронутые версииВерсия исправления
>= 2.0.0, < 2.0.2
2.0.2
Наименование
t3s/content-consent
composer
Затронутые версииВерсия исправления
< 1.0.3
1.0.3
5.3 Medium
CVSS3
CVE ID
5.3 Medium
CVSS3