Information Disclosure/User Enumeration Vulnerability #115
cowsaymoe
started this conversation in
Problems/Bugs
Replies: 0 comments
Greetings,
In the Symbiota repository, a website running the software is vulnerable to user enumeration in the "userprofile.php" file. An unauthenticated attacker can navigate to
/profile/userprofile.php?userid=1
and by guessing/brute-forcing the userid parameter a valid user will display their profile details. The profile details include but are not limited to full name, email, website, and login name.

Solution
userid parameter.

If you need some help patching this I am more than happy to make a commit to the repository with a fix.
I apologize if this is not the proper place to disclose vulnerabilities. If you have a better contact method or website to disclose them I would appreciate you letting me know. I have found more vulnerabilities that I would like to report so they can be fixed and only reported this one since the post would be public and it is not a critical vulnerability.
Thanks,
Mohammed
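The report above describes a missing authorisation check on a user-controlled userid parameter. The following PHP is an added illustration written for this page, not Symbiota's code: it places the pattern the report describes (look up whatever id the request names) beside a hardened handler that authorises the request before the database is touched. The session keys, the users table, its column names and the PDO handle are all hypothetical assumptions made for the example.

```php
<?php
// Added example, not project code. Assumptions (all hypothetical): a PDO handle,
// a `users` table with columns uid, username, firstname, lastname, email, url,
// and a login flow that stores the authenticated user's id in $_SESSION['uid']
// and an admin flag in $_SESSION['is_admin'].
declare(strict_types=1);

// --- Pattern the report describes: any visitor may name any userid ----------
function showProfileVulnerable(PDO $db, array $get): ?array
{
    $uid = (int)($get['userid'] ?? 0);
    $stmt = $db->prepare(
        'SELECT uid, username, firstname, lastname, email, url FROM users WHERE uid = ?'
    );
    $stmt->execute([$uid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // A hit returns another account's details; a miss confirms the id is unused.
    return $row ?: null;
}

// --- Hardened: decide who may see the profile before looking it up ----------
function canViewProfile(?int $sessionUid, bool $isAdmin, int $requestedUid): bool
{
    if ($sessionUid === null) {
        return false;                       // unauthenticated: never reveal profile data
    }
    return $isAdmin || $sessionUid === $requestedUid;
}

function showProfileHardened(PDO $db, array $get, array $session): ?array
{
    $requested  = filter_var($get['userid'] ?? '', FILTER_VALIDATE_INT);
    $sessionUid = isset($session['uid']) ? (int)$session['uid'] : null;
    $isAdmin    = !empty($session['is_admin']);

    // Reject malformed, foreign and anonymous requests with one identical
    // response, so status code and page content do not differ between ids
    // that exist and ids that do not.
    if ($requested === false || !canViewProfile($sessionUid, $isAdmin, $requested)) {
        http_response_code(403);
        return null;
    }

    $stmt = $db->prepare(
        'SELECT uid, username, firstname, lastname, email, url FROM users WHERE uid = ?'
    );
    $stmt->execute([$requested]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// --- Stand-alone demonstration against a constructed in-memory table --------
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (uid INTEGER PRIMARY KEY, username TEXT, firstname TEXT,
           lastname TEXT, email TEXT, url TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'alice', 'Alice', 'Example', 'alice@example.org', '')");
$db->exec("INSERT INTO users VALUES (2, 'bob',   'Bob',   'Example', 'bob@example.org',   '')");

// Anonymous visitor asking for userid=1: vulnerable handler leaks, hardened denies.
var_dump(showProfileVulnerable($db, ['userid' => '1']) !== null);            // bool(true)
var_dump(showProfileHardened($db, ['userid' => '1'], []) === null);          // bool(true)

// Logged-in user 2 asking for their own profile: allowed.
var_dump(showProfileHardened($db, ['userid' => '2'], ['uid' => 2]) !== null); // bool(true)

// Logged-in user 2 asking for user 1: denied with the same 403 as an unknown id.
var_dump(showProfileHardened($db, ['userid' => '1'], ['uid' => 2]) === null); // bool(true)
var_dump(showProfileHardened($db, ['userid' => '99'], ['uid' => 2]) === null); // bool(true)
```

The check is deliberately done before the query runs and returns the same 403 for a malformed, unknown or foreign id, because a handler that answers "not found" for unused ids and "forbidden" for used ones still lets a caller enumerate accounts even after the data leak is closed. Whether an administrator role should be able to view any profile is a policy decision for the project; the canViewProfile function is where that policy would live.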