Vulnerabilities > CVE-2022-32277 - Authorization Bypass Through User-Controlled Key vulnerability in Squiz Matrix 6.20

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

squiz

CWE-639

NVD

Published: 2022-09-06

Updated: 2024-04-11

Summary

Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details. NOTE: this is disputed by both the vendor and the original discoverer because it is a site-specific finding, not a finding about the Squiz Matrix CMS product.

Vulnerable Configurations

Part	Description	Count
Application	Squiz Squiz Matrix 6.20	1

Common Weakness Enumeration (CWE)

CWE-639 - Authorization Bypass Through User-Controlled Key

References

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/squiz-matrix-cms-authenticated-privilege-escalation-through-idor/