PT-2022-21201 · Squiz · Squiz Matrix Cms
Published: 2022-09-06 · Updated: 2024-08-03 · CVE-2022-32277
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Squiz Matrix CMS version 6.20
Description: The issue is caused by a failure to correctly validate authorization when submitting a request to change a user's contact details, leading to an Insecure Direct Object Reference. This allows unauthorized access to user data. The vulnerability is disputed by both the vendor and the original discoverer, as it is considered a site-specific finding rather than a product-wide issue.
Recommendations: For Squiz Matrix CMS version 6.20, consider restricting access to the user contact details modification feature until a patch or official guidance is available from the vendor. As a temporary workaround, review and strengthen authorization validation for all requests related to user data modification to prevent unauthorized changes.
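The authorization check the recommendation asks for, shown as an added example that is not Squiz Matrix code: a "change contact details" handler that trusts a user id carried in the request body (the IDOR pattern the description refers to) next to one that derives the target from the server-side session and only allows another user's record to be changed by a caller holding an admin role. The in-memory user table, the request shape, the Forbidden exception and the "admin" role name are all constructed for the demonstration.

```python
"""Illustrative IDOR check for a 'change contact details' endpoint.

Added example, not Squiz Matrix code. The user store, request shape,
exception type and role name are constructed for the demonstration.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


@dataclass
class User:
    user_id: int
    email: str
    phone: str
    roles: Set[str] = field(default_factory=set)


# Constructed in-memory user table standing in for the CMS user store.
USERS: Dict[int, User] = {
    101: User(101, "alice@example.com", "+10000000001"),
    102: User(102, "bob@example.com", "+10000000002"),
    900: User(900, "admin@example.com", "+10000000900", roles={"admin"}),
}

# Only these fields may be written by the contact-details form.
EDITABLE_FIELDS = ("email", "phone")


class Forbidden(Exception):
    """Raised when the caller may not modify the target record."""


def _apply(target: User, form: dict) -> User:
    """Copy allow-listed fields from the submitted form onto the record."""
    for name in EDITABLE_FIELDS:
        if name in form:
            setattr(target, name, form[name])
    return target


def update_contact_vulnerable(session_user_id: Optional[int], form: dict) -> User:
    """The IDOR pattern: the target record is chosen by the request body.

    The session is never consulted, so any caller (with PR:N in the
    advisory's vector, not even an authenticated one) can name an
    arbitrary user_id and rewrite that user's contact details.
    """
    target = USERS[int(form["user_id"])]
    return _apply(target, form)


def update_contact_hardened(session_user_id: Optional[int], form: dict) -> User:
    """Authorizes against the server-side session, not the request body.

    The target defaults to the caller's own record. A different record may
    only be chosen by a caller holding the (constructed) 'admin' role.
    """
    if session_user_id is None:
        raise Forbidden("authentication required")
    caller = USERS[session_user_id]
    target_id = int(form.get("user_id", caller.user_id))
    if target_id != caller.user_id and "admin" not in caller.roles:
        # Log-worthy: a non-admin tried to edit somebody else's record.
        raise Forbidden(f"user {caller.user_id} may not modify user {target_id}")
    return _apply(USERS[target_id], form)


if __name__ == "__main__":
    # Bob (102) attempts to change Alice's (101) e-mail address.
    tampered = {"user_id": "101", "email": "attacker-controlled@example.com"}
    print("vulnerable:", update_contact_vulnerable(102, tampered).email)
    try:
        update_contact_hardened(102, tampered)
    except Forbidden as exc:
        print("hardened:", exc)
```

The hardened handler keeps the session as the only source of identity and treats `user_id` in the form as a request that must be authorized, which is the check the advisory's workaround describes; the rejected attempts are also the events worth alerting on while the workaround is in place.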

Fix

IDOR

Weakness Enumeration

Related Identifiers: CVE-2022-32277

Affected Products: Squiz Matrix Cms