Security Advisory

CVE-2018-16704

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-09-07 17:00:00

Last updated 2024-08-05 10:32:52

Assigner mitre

State PUBLISHED

Description

An issue was discovered in Gleez CMS v1.2.0. Because of an Insecure Direct Object Reference vulnerability, it is possible for attackers (logged in users) to view profile page of other users, as demonstrated by navigating to user/3 on demo.gleezcms.org.

← Browse all CVEs View on cve.org ↗