OpenDocMan commitchange.php Authorization Bypass

2004-07-26T06:42:49
ID OSVDB:8237
Type osvdb
Reporter OSVDB
Modified 2004-07-26T06:42:49

Description

Vulnerability Description

OpenDocMan contains a flaw that may allow a malicious user to bypass user authentication checks. The issue is due to the "commitchange.php" script missing an authentication check when committing changes. It is possible that the flaw may allow a remote attack to make unauthorized changes, resulting in a loss of integrity.

Solution Description

Upgrade to version 1.2 Final or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

OpenDocMan contains a flaw that may allow a malicious user to bypass user authentication checks. The issue is due to the "commitchange.php" script missing an authentication check when committing changes. It is possible that the flaw may allow a remote attack to make unauthorized changes, resulting in a loss of integrity.

References:

Secunia Advisory ID:12159 Other Advisory URL: http://sourceforge.net/project/shownotes.php?release_id=255785