Veracode Vulnerability Database: VERACODE:36316
History: Jul 11, 2022 - 9:57 a.m.

Insecure Direct Object Reference

2022-07-11 09:57:45
sca.analysiscenter.veracode.com
Tags: insecure direct object reference, `homepage.php`, creategatekeeper, admin panel

EPSS: 0.001 (percentile: 32.8%)

idno/known is vulnerable to Insecure Direct Object Reference. The vulnerable `getContent()` and `postContent()` functions in the `Homepage` class in the `Homepage.php` file allow remote authenticated attackers to gain access to certain settings of the admin panel due to the use of the `createGatekeeper()` inner function.
