Vulnerabilities > CVE-2022-32277 - Authorization Bypass Through User-Controlled Key vulnerability in Squiz Matrix 6.20
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
LOW Availability impact
NONE Summary
Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details. NOTE: this is disputed by both the vendor and the original discoverer because it is a site-specific finding, not a finding about the Squiz Matrix CMS product.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
References
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/squiz-matrix-cms-authenticated-privilege-escalation-through-idor/
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/squiz-matrix-cms-authenticated-privilege-escalation-through-idor/