CVE-2018-16704
MEDIUM4.3EPSS 0.15%Gleez CMS Vulnerability Allows Forced Browsing to Profile Page of Other Users
發布日:2022/5/13修改日:2024/4/25
描述
An issue was discovered in Gleez CMS v1.2.0. Because of an Insecure Direct Object Reference vulnerability, it is possible for attackers (logged in users) to view profile page of other users, as demonstrated by navigating to `user/3` on `demo.gleezcms.org`.
受影響套件(1)
- Packagist/gleez/cmsfrom 0, <= 1.2.0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |