Lucene search

K
packetstormAdrian FurtunaPACKETSTORM:122149
HistoryJun 25, 2013 - 12:00 a.m.

Magnolia CMS 4.5.8 Access Bypass

2013-06-2500:00:00
Adrian Furtuna
packetstormsecurity.com
33

0.004 Low

EPSS

Percentile

74.4%

`Subject:  
======  
Multiple access control vulnerabilities in Magnolia CMS, Community and  
Enterprise editions  
  
CVE ID:  
=======  
CVE-2013-4621  
  
Summary:  
========  
A non-admin user (such as default users eric / peter) can access and  
execute multiple administrative functionalities of the CMS by accessing  
directly the specific URLs.  
  
Product:  
========  
Magnolia CMS  
  
Vendor:  
=======  
Magnolia International Ltd.  
  
Affected versions:  
==================  
Magnolia CMS <= 4.5.8  
Tested on: 4.5.8, 4.5.7 and 4.5.3, both Community and Enterprise editions  
  
Not-affected version:  
=====================  
Magnolia CMS 4.5.9  
  
Product information:  
====================  
Magnolia CMS is an open-source Web Content Management System that focuses  
on providing an intuitive user experience in an enterprise-scale system.  
  
Vulnerability details:  
======================  
The following functionalities can be accessed and executed by a non-admin  
user based on the URL:  
  
- View and set the log level of Magnolia  
http://127.0.0.1:8080/magnoliaPublic/.magnolia/log4j  
  
- Read Magnolia log files (can contain sensitive information)  
  
http://127.0.0.1:8080/magnoliaPublic/.magnolia/pages/logViewer.html?command=displayFileContent&fileName=magnolia-error.log  
  
http://127.0.0.1:8080/magnoliaPublic/.magnolia/pages/logViewer.html?command=displayFileContent&fileName=magnolia-debug.log  
  
- View Magnolia configuration:  
http://127.0.0.1:8080/magnoliaPublic/.magnolia/pages/configuration.html  
  
- View permissions of Magnolia users. Also can be used for user enumeration  
http://127.0.0.1:8080/magnoliaPublic/.magnolia/pages/permission.html  
  
- Send arbitrary email messages  
http://127.0.0.1:8080/magnoliaPublic/.magnolia/pages/sendMail.html  
  
- View the list of installed modules  
  
http://127.0.0.1:8080/magnoliaPublic/.magnolia/pages/installedModulesList.html  
  
- Execute arbitrary queries in the repository (limited by the current  
user's rights)  
http://127.0.0.1:8080/magnoliaPublic/.magnolia/pages/jcrUtils.html  
  
  
Vendor contact log:  
===================  
2013-04-25: Contacting vendor through [email protected]  
2013-04-29: Vendor acknowledges the receipt of the advisory  
2013-04-29: Vendor confirms the vulnerability  
2013-06-03: Vendor releases version 4.5.9 which fixes the vulnerability  
  
  
Credits:  
========  
This vulnerability was discovered by Adrian Furtuna  
http://pentest-tools.com  
  
Solution:  
=========  
Upgrade to the latest version of Magnolia CMS  
`

0.004 Low

EPSS

Percentile

74.4%

Related for PACKETSTORM:122149