PT-2005-5141 · Metadot · Metadot Portal Server
Claudean Zheng +1 · Published 2005-12-21 · Updated 2018-10-19 · CVE-2005-4458
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Metadot Portal Server versions 6.4.4 and earlier
Description
The issue arises from the Group.pm module in Metadot Portal Server, which fails to properly reset the $IS_OWNER, $IS_ADMIN, and $IS_MANAGER global variables during special privilege checks. This oversight allows users to escalate their privileges to administrator level by adding themselves to the SITE_MGR group.
Recommendations
For Metadot Portal Server versions 6.4.4 and earlier, consider restricting access to the Group.pm module until a proper fix is applied, and avoid using the $IS_OWNER, $IS_ADMIN, and $IS_MANAGER global variables for privilege checks. As a temporary workaround, manually monitor and control user additions to the SITE_MGR group to prevent unauthorized privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Related Identifiers
Affected Products
Metadot Portal Server