← back
CVE-2011-3645

CVE-2011-3645

EPSS 2.7%
Newgen OmniDocs allows remote attackers to bypass intended access restrictions via (1) a modified FolderRights parameter to doccab/doclist.jsp, which leads to arbitrary permission changes; or (2) a modified UserIndex parameter to doccab/userprofile/editprofile.jsp, which selects the settings page of an arbitrary user.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/17897unverifiedexploitdbwww.exploit-db.com/exploits/17897unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://seclists.org/fulldisclosure/2011/Sep/283http://securityreason.com/securityalert/8394http://www.exploit-db.com/exploits/17897