CVE-2022-1810

CVSS v3.1

9.9

Critical

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H

Name of the Vulnerable Software and Affected Versions publify/publify versions prior to 9.2.9

Description The issue allows a low-privileged user to bypass authorization and access sensitive information by manipulating a user-controlled key. Specifically, this can be achieved by modifying the value of the article[id] parameter. This could potentially lead to unauthorized modification and deletion of admin articles.

Recommendations For versions prior to 9.2.9, update to version 9.2.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the article[id] parameter to prevent unauthorized modifications.

Exploit

Fix

Improper Access Control

IDOR

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-639CWE-732

Related Identifiers

BIT-PUBLIFY-2022-1810

CVE-2022-1810

GHSA-C273-C6VG-4PV5

Affected Products

Publify

CVE-2022-1810

Weakness Enumeration

Related Identifiers

Affected Products

References · 10