CVE-2012-2315
CVE-2012-2315
admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges to arbitrary users via the userEdit action.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/18888unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://archives.neohapsis.com/archives/bugtraq/2012-01/0007.htmlhttp://archives.neohapsis.com/archives/bugtraq/2012-01/0021.htmlhttp://osvdb.org/78105http://secunia.com/advisories/47424https://exchange.xforce.ibmcloud.com/vulnerabilities/72112http://www.openwall.com/lists/oss-security/2012/03/23/6http://www.openwall.com/lists/oss-security/2012/03/23/8http://www.openwall.com/lists/oss-security/2012/04/27/6http://www.openwall.com/lists/oss-security/2012/05/04/13http://www.openwall.com/lists/oss-security/2012/05/04/2http://www.securityfocus.com/bid/51250