JVN#74280258: MilkyStep fails to restrict access permissions

2015-06-09T00:00:00
ID JVN:74280258
Type jvn
Reporter Japan Vulnerability Notes
Modified 2015-06-09T00:00:00

Description

## Description

MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep fails to restrict access permissions (CWE-264).

## Impact

A remote attacker may alter product settings.

## Solution

Update the Software
Update to the latest version according to the information provided by the developer.

## Products Affected

  • MilkyStep Light Ver0.94 and earlier
  • MilkyStep Professional Ver1.82 and earlier
  • MilkyStep Professional OEM Ver1.82 and earlier