web content management AddModifyInput.php Remote Privilege Escalation

2005-07-29T09:03:29
ID OSVDB:18524
Type osvdb
Reporter rgod (retrogod@aliceposta.it)
Modified 2005-07-29T09:03:29

Description

Vulnerability Description

web content management contains a flaw that may allow a malicious user to gain unauthorized privileges. The issue is triggered when a regular user accesses AddModifyInput.php and is granted permission to create a privileged administrator account.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[target]/[path]/Admin/Users/AddModifyInput.php

References:

Vendor URL: http://www.web-content-management.us/
Security Tracker: 1014616
Secunia Advisory ID: 16317
Related OSVDB ID: 18522
Related OSVDB ID: 18523
Other Advisory URL: http://www.rgod.altervista.org/webc.html
ISS X-Force ID: 21694
CVE-2005-2489
Bugtraq ID: 14465