idno/known is vulnerable to Insecure Direct Object Reference. The vulnerable getContent() and postContent() functions of the Homepage class in the Homepage.php file allow remote authenticated attackers to gain access to certain settings of the admin panel due to the use of the createGatekeeper() inner function.
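
The access-control gap described above, as an added PHP example that is not code from idno/known: a simplified model of a settings page guarded by a content-creation gate, beside the same page guarded by an admin gate. Only Homepage, getContent(), postContent() and createGatekeeper() are names from the advisory; User, Forbidden, requireAdmin() and the checks inside each gate are assumptions.

```php
<?php
// Simplified model, not idno/known source. User, Forbidden, requireAdmin()
// and the exact checks inside each gate are assumptions for illustration.
final class User {
    public function __construct(public bool $canCreate, public bool $isAdmin) {}
}
class Forbidden extends RuntimeException {}

abstract class Page {
    public function __construct(protected ?User $user) {}
    // Passes any logged-in user who may create content (assumed semantics).
    protected function createGatekeeper(): void {
        if ($this->user === null || !$this->user->canCreate) {
            throw new Forbidden('content-creation rights required');
        }
    }
    // Passes administrators only (hypothetical helper).
    protected function requireAdmin(): void {
        if ($this->user === null || !$this->user->isAdmin) {
            throw new Forbidden('administrator required');
        }
    }
}

// Before: admin settings handlers guarded by the weaker gate.
class HomepageBefore extends Page {
    public function getContent(): string { $this->createGatekeeper(); return 'settings form'; }
    public function postContent(): string { $this->createGatekeeper(); return 'settings saved'; }
}
// After: both handlers check the privilege the page actually needs.
class HomepageAfter extends Page {
    public function getContent(): string { $this->requireAdmin(); return 'settings form'; }
    public function postContent(): string { $this->requireAdmin(); return 'settings saved'; }
}

// Constructed sample user: may create content, is not an administrator.
$member = new User(canCreate: true, isAdmin: false);
foreach ([HomepageBefore::class, HomepageAfter::class] as $class) {
    foreach (['getContent', 'postContent'] as $handler) {
        try {
            $result = (new $class($member))->$handler();
        } catch (Forbidden $e) {
            $result = 'denied: ' . $e->getMessage();
        }
        echo "$class::$handler -> $result\n";
    }
}
```

The same comparison works as a regression test: request each admin handler as a non-admin account and assert that every one is denied.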
blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/
blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/#The-Remediation
github.com/idno/known
github.com/idno/known/commit/7520391b16444bd0baa82add7075ee4a4270adc3
github.com/idno/known/pull/3101
withknown.com/