Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-30852
CVE-2022-30852:
PHP vulnerability analysis and mitigation
Overview
Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR) vulnerability. The vulnerability was identified in May 2022 and affects the Known PHP CMS software developed by WithKnown (WithKnown, Known Github).
Technical details
The vulnerability exists in the Homepage class under the Idno\Pages\Admin namespace, specifically in the getContent() and postContent() functions. While other admin panel pages are secured with the adminGatekeeper() function, the Homepage class uses createGatekeeper() instead, which only verifies if a user is logged in rather than checking for administrative privileges (Security Blog).
Impact
The vulnerability allows any logged-in user to access certain settings in the admin panel that control content display on the site frontend, effectively bypassing the intended administrative access controls (NVD).
Mitigation and workarounds
The vulnerability can be patched by replacing the createGatekeeper() function with adminGatekeeper() in the affected code. This ensures that only users with administrative privileges can access the admin panel settings (Security Blog).
Additional resources
Source: This report was generated using AI
Related PHP vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management