Packagist (Composer) package
t3s/content-consent
pkg:composer/t3s/content-consent
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-50462 | med | — | >= 2.0.0, < 2.0.2 | 2.0.2 | Dec 13, 2023 | The extension fails to verify whether a specified content element identifier is permitted by the plugin. This enables an unauthenticated user to display various content elements, leading to an insecure direct object reference (IDOR) vulnerability with the potential to expose inte |
- affected >= 2.0.0, < 2.0.2fixed 2.0.2
The extension fails to verify whether a specified content element identifier is permitted by the plugin. This enables an unauthenticated user to display various content elements, leading to an insecure direct object reference (IDOR) vulnerability with the potential to expose inte