2 matches found
CVE-2012-2315
admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges to arbitrary users via the userEdit action...
CVE-2012-2315
OpenKM 5.1.7 and earlier versions (before 5.1.8-2) suffer from a privilege-escalation flaw in admin/Auth: the system does not properly enforce privileges for changing user roles via the userEdit action. Remote authenticated users can assign administrator privileges to arbitrary users. Root cause: imp...