Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormAdrian FurtunaPACKETSTORM:122149
HistoryJun 25, 2013 - 12:00 a.m.

Magnolia CMS 4.5.8 Access Bypass

2013-06-2500:00:00
Adrian Furtuna
packetstormsecurity.com
33

0.004 Low

EPSS

Percentile

74.4%

JSON
`Subject:  
======  
Multiple access control vulnerabilities in Magnolia CMS, Community and  
Enterprise editions  
  
CVE ID:  
=======  
CVE-2013-4621  
  
Summary:  
========  
A non-admin user (such as default users eric / peter) can access and  
execute multiple administrative functionalities of the CMS by accessing  
directly the specific URLs.  
  
Product:  
========  
Magnolia CMS  
  
Vendor:  
=======  
Magnolia International Ltd.  
  
Affected versions:  
==================  
Magnolia CMS <= 4.5.8  
Tested on: 4.5.8, 4.5.7 and 4.5.3, both Community and Enterprise editions  
  
Not-affected version:  
=====================  
Magnolia CMS 4.5.9  
  
Product information:  
====================  
Magnolia CMS is an open-source Web Content Management System that focuses  
on providing an intuitive user experience in an enterprise-scale system.  
  
Vulnerability details:  
======================  
The following functionalities can be accessed and executed by a non-admin  
user based on the URL:  
  
- View and set the log level of Magnolia  
http://127.0.0.1:8080/magnoliaPublic/.magnolia/log4j  
  
- Read Magnolia log files (can contain sensitive information)  
  
http://127.0.0.1:8080/magnoliaPublic/.magnolia/pages/logViewer.html?command=displayFileContent&fileName=magnolia-error.log  
  
http://127.0.0.1:8080/magnoliaPublic/.magnolia/pages/logViewer.html?command=displayFileContent&fileName=magnolia-debug.log  
  
- View Magnolia configuration:  
http://127.0.0.1:8080/magnoliaPublic/.magnolia/pages/configuration.html  
  
- View permissions of Magnolia users. Also can be used for user enumeration  
http://127.0.0.1:8080/magnoliaPublic/.magnolia/pages/permission.html  
  
- Send arbitrary email messages  
http://127.0.0.1:8080/magnoliaPublic/.magnolia/pages/sendMail.html  
  
- View the list of installed modules  
  
http://127.0.0.1:8080/magnoliaPublic/.magnolia/pages/installedModulesList.html  
  
- Execute arbitrary queries in the repository (limited by the current  
user's rights)  
http://127.0.0.1:8080/magnoliaPublic/.magnolia/pages/jcrUtils.html  
  
  
Vendor contact log:  
===================  
2013-04-25: Contacting vendor through [email protected]  
2013-04-29: Vendor acknowledges the receipt of the advisory  
2013-04-29: Vendor confirms the vulnerability  
2013-06-03: Vendor releases version 4.5.9 which fixes the vulnerability  
  
  
Credits:  
========  
This vulnerability was discovered by Adrian Furtuna  
http://pentest-tools.com  
  
Solution:  
=========  
Upgrade to the latest version of Magnolia CMS  
`

Related

securityvulns 2
openvas 2
cvelist 1
prion 1
nvd 1
cve 1
securityvulns
securityvulns
[Full-disclosure] Magnolia CMS multiple access control vulnerabilities
2013-07-15 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2013-07-15 00:00:00
openvas
openvas
Magnolia CMS Access Bypass Vulnerability
2013-07-01 00:00:00
Magnolia CMS Access Bypass Vulnerability
2013-07-01 00:00:00
cvelist
cvelist
CVE-2013-4621
2019-12-27 16:21:24
prion
prion
Design/Logic Flaw
2019-12-27 17:15:00
nvd
nvd
CVE-2013-4621
2019-12-27 17:15:15
cve
cve
CVE-2013-4621
2019-12-27 17:15:15

0.004 Low

EPSS

Percentile

74.4%

JSON
Related for PACKETSTORM:122149
securityvulns2openvas2cvelist1prion1nvd1cve1