An issue was discovered in Gleez CMS v1.2.0. Because of an Insecure Direct Object Reference vulnerability, it is possible for attackers (logged-in users) to view the profile pages of other users, as demonstrated by navigating to user/3 on demo.gleezcms.org.
References
| Link | Resource |
|---|---|
| https://github.com/gleez/cms/issues/801 | Mitigation, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-09-07T17:00:00
Updated: 2018-09-07T17:57:02
Reserved: 2018-09-07T00:00:00
Link: CVE-2018-16704
NVD Information
Status: Analyzed
Published: 2018-09-07T17:29:01.143
Modified: 2020-08-24T17:37:01.140
Link: CVE-2018-16704
Redhat Information
No data.
CWE