Account Manager LITE amadmin.pl Admin Password Modification

2000-08-23T00:00:00
ID OSVDB:13341
Type osvdb
Reporter n30 (n30@alldas.de)
Modified 2000-08-23T00:00:00

Description

Vulnerability Description

Account Manager Lite contains a flaw that may allow an attacker to carry out a privilege escalation attack. The issue is due to the amadmin.pl script not properly sanitizing user-supplied input. This may allow an attacker to grant or revoke privileges to users on secure portions of the target website.

Solution Description

Upgrade to version 1.09 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-08/0291.html
ISS X-Force ID: 5125
Generic Exploit URL: http://downloads.securityfocus.com/vulnerabilities/exploits/amlite-xploit.pl
Generic Exploit URL: http://downloads.securityfocus.com/vulnerabilities/exploits/cgiamsploit.htm
CVE-2000-0689
Bugtraq ID: 1604