CVE-2005-4458
9 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
7.2 High
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
77.5%
Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly reset the $IS_OWNER, $IS_ADMIN, and $IS_MANAGER global variables when performing checks for special privileges, which allows users to gain administrator privileges by adding themselves to the SITE_MGR group.
Affected configurations
References
archives.neohapsis.com/archives/fulldisclosure/2005-12/1012.html
secunia.com/advisories/18137
securityreason.com/securityalert/287
www.metadot.com/metadot/index.pl?iid=2632
www.osvdb.org/22014
www.securityfocus.com/archive/1/420002/100/0/threaded
www.securityfocus.com/bid/15975
www.vupen.com/english/advisories/2005/3030
exchange.xforce.ibmcloud.com/vulnerabilities/23847
9 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
7.2 High
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
77.5%