Description
Contao 4.0 through 4.8.5 has Insecure Permissions. Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them.
Remediation
References
Related Vulnerabilities
WordPress Plugin WooCommerce PDF Vouchers-Ultimate Gift Cards Unspecified Vulnerability (4.9.4)
WordPress Plugin WordPress Popular Posts Cross-Site Scripting (3.3.2)
Squid Improper Privilege Management Vulnerability (CVE-2019-12522)
MediaWiki CVE-2012-4885 Vulnerability (CVE-2012-4885)
WordPress Plugin SEO Redirection-301 Redirect Manager SQL Injection (3.5)