CVE-2022-32277 Information

Description

Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user’s contact details.

Reference

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/ https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/squiz-matrix-cms-authenticated-privilege-escalation-through-idor/