4 matches found
Insecure Direct Object Reference (IDOR)
t3s/content-consent is vulnerable to Insecure Direct Object Reference IDOR. The issue arises because the library fails to verify whether a specified content element identifier is permitted by the plugin. This allows an unauthenticated user to display various content elements, leading to an insecu...
Insecure Direct Object Reference in extension "Content Consent" (content_consent)
The extension fails to verify whether a specified content element identifier is permitted by the plugin. This enables an unauthenticated user to display various content elements, leading to an insecure direct object reference IDOR vulnerability with the potential to expose internal content elemen...
GHSA-J8CW-PPMV-WJ85 Insecure Direct Object Reference in extension "Content Consent" (content_consent)
The extension fails to verify whether a specified content element identifier is permitted by the plugin. This enables an unauthenticated user to display various content elements, leading to an insecure direct object reference IDOR vulnerability with the potential to expose internal content elemen...
TYPO3-EXT-SA-2023-009: Insecure Direct Object Reference in extension "Content Consent" (content_consent)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2023-009...