CVE-2018-16704: Gleez CMS Vulnerability Allows Forced Browsing to Profile Page of Other Users

CVSS Score: 4.3 (CVSS 3.0)

Basic Information

EPSS Score: 0.36939%
Published: 5/13/2022
Updated: 4/25/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| gleez/cms | composer | <= 1.2.0 | |

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability manifests in the profile viewing functionality, where user-controlled ID parameters (e.g., /user/3) are used to retrieve user records. In MVC frameworks like Kohana (which Gleez CMS uses), this would typically map to a view action in the User controller. The lack of authorization checks before displaying sensitive profile information matches the IDOR pattern described. The high confidence comes from: 1) the URL structure matching common MVC routing patterns; 2) the vulnerability's direct relationship to profile viewing functionality; 3) the CWE-639 classification, which indicates missing authorization on user-controlled keys; 4) the reproduction steps showing direct parameter manipulation in the URL path.
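The pattern described in the analysis above, next to an object-level authorization check, as an added example that is not Gleez CMS or Kohana code. The user store, function names, the `admin` role and the owner-or-admin policy are assumptions made for illustration.

```php
<?php
// Constructed sample data standing in for the CMS user table.
const USERS = [
    2 => ['name' => 'alice', 'email' => 'alice@example.test', 'roles' => ['login']],
    3 => ['name' => 'bob',   'email' => 'bob@example.test',   'roles' => ['login']],
    9 => ['name' => 'root',  'email' => 'root@example.test',  'roles' => ['login', 'admin']],
];

function find_user(int $id): ?array
{
    return array_key_exists($id, USERS) ? USERS[$id] : null;
}

// Extract the numeric id from a path shaped like /user/3.
function profile_id_from_path(string $path): ?int
{
    return preg_match('#^/user/(\d+)$#', $path, $m) ? (int) $m[1] : null;
}

// CWE-639 pattern: the record is selected by the URL id alone;
// the session identity is never compared against it.
function view_profile_unchecked(int $sessionUserId, string $path): array
{
    $id = profile_id_from_path($path);
    $profile = $id === null ? null : find_user($id);
    return $profile === null ? [404, null] : [200, $profile];
}

// Hardened form: the requested id must belong to the session user,
// unless the viewer holds the (assumed) admin role.
function view_profile_checked(int $sessionUserId, string $path): array
{
    $id = profile_id_from_path($path);
    $viewer = find_user($sessionUserId);
    if ($id === null || $viewer === null) {
        return [404, null];
    }
    $allowed = $id === $sessionUserId || in_array('admin', $viewer['roles'], true);
    $profile = $allowed ? find_user($id) : null;
    // Same response for "not allowed" and "no such user", so ids cannot be probed.
    return $profile === null ? [404, null] : [200, $profile];
}

// Session user 2 requests another user's profile, then their own.
foreach (['view_profile_unchecked', 'view_profile_checked'] as $handler) {
    foreach (['/user/3', '/user/2'] as $path) {
        [$status, $profile] = $handler(2, $path);
        printf("%-24s %-8s -> %d %s\n", $handler, $path, $status, $profile['name'] ?? '-');
    }
}
```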
