JVN#19732015: MilkyStep fails to restrict access permissions

MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep fails to restrict access permissions against the management function for user information (CWE-284).

Impact

A non-administrative user may be able to change administrative user credentials.

Solution

Update the Software
Update to the latest version according to the information provided by the developer.

Products Affected

• MilkyStep Light Ver0.94 and earlier
• MilkyStep Professional Ver1.82 and earlier
• MilkyStep Professional OEM Ver1.82 and earlier