Description
An issue was discovered in Gleez CMS v1.2.0. Because of an Insecure Direct Object Reference vulnerability, it is possible for attackers (logged-in users) to view the profile pages of other users, as demonstrated by navigating to user/3 on demo.gleezcms.org.
References
- Mitigation, Third Party Advisory
- Mitigation, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:gleeztech:gleezcms:1.3.0:*:*:*:*:*:*:*
EPSS: 0.00153 (Low), percentile: 36%
CVSS3: 4.3 Medium
CVSS2: 4 Medium
Weaknesses
CWE-639
Related vulnerabilities
CVSS3: 4.3
github
more than 3 years ago
Gleez CMS Vulnerability Allows Forced Browsing to Profile Page of Other Users