Siteman users.php Arbitrary Admin Account Creation

2005-01-20T03:29:37
ID OSVDB:13131
Type osvdb
Reporter amironline452(amironline452@hotmail com)
Modified 2005-01-20T03:29:37

Description

Vulnerability Description

Siteman contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is caused triggered when a malicious user submits a specially crafted form to users.php. This flaw will create an arbitrary admin account, which will lead to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Siteman contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is caused triggered when a malicious user submits a specially crafted form to users.php. This flaw will create an arbitrary admin account, which will lead to a loss of integrity.

References:

Vendor URL: http://sitem.sourceforge.net/ Security Tracker: 1012951 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-01/0239.html Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=110643320814371&w=2