Lucene search
Lukasz Miedziński1337DAY-ID-24090HistoryAug 20, 2015 - 12:00 a.m.
UNIT4TETA TETA WEB - Authorization Bypass vulnerability
2015-08-2000:00:00
Lukasz Miedziński
0day.today
29
EPSS
0.006
Percentile
78.0%
Exploit for php platform in category web applications
Title: UNIT4TETA TETA WEB - Authorization Bypass vulnerability
Author: Lukasz Miedziński
Date: 08. January 2015
CVE: CVE-2015-1173
Affected software :
===================
UNIT4TETA TETA WEB 22.62.3.4 - newest version
Older versions are probably affected too.
Exploit was tested on :
======================
UNIT4TETA TETA WEB 22.62.3.4 - newest version
Description :
=============
TETA Web (former TETA Galactica) is an Internet platform interoperating
with TETA HR (former TETA Personnel) application. It provides support for
the HR departments of small, medium and very large companies.
With this platform managers obtain a tool for effective management of
subordinate business units, and HR departments can transfer some of their
tasks, such as generating reports and printouts, monitoring leave days
numbers and periodic examination dates, to employees and their supervisors.
Vulnerabilities :
*****************
Authorization Bypass :
================================
Description: Unauthorized users are able to manipulate received parameters
and get privileges to modules:
- Design Mode
- Debug Logger mode
Vulnerability is confirmed by Vendor. Patch is released
# 0day.today [2018-01-06] #Related
cvelist
cvelist
CVE-2015-1173
2015-09-16 18:00:00
nvd
nvd
CVE-2015-1173
2015-09-16 18:59:01
cve
cve
CVE-2015-1173
2015-09-16 18:59:01
prion
prion
Code injection
2015-09-16 18:59:00