1 results (0.005 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details. NOTE: this is disputed by both the vendor and the original discoverer because it is a site-specific finding, not a finding about the Squiz Matrix CMS product. Squiz Matrix CMS versión 6.20, es vulnerable a una Referencia Directa a Objetos Insegura causada por un fallo al comprobar correctamente la autorización cuando es enviada una petición para cambiar los datos de contacto de un usuario. • https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/squiz-matrix-cms-authenticated-privilege-escalation-through-idor • CWE-639: Authorization Bypass Through User-Controlled Key •