CVE-2018-16704

Name of the Vulnerable Software and Affected Versions Gleez CMS version 1.2.0

Description The issue allows attackers, who are logged-in users, to view the profile page of other users due to an Insecure Direct Object Reference. This can be demonstrated by navigating to the "user/3" endpoint on demo.gleezcms.org.

Recommendations For Gleez CMS version 1.2.0, as a temporary workaround, consider restricting access to the user profile page endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.