CVE-2011-3645

Name of the Vulnerable Software and Affected Versions Newgen OmniDocs (affected versions not specified)

Description The issue allows remote attackers to bypass intended access restrictions. This can be achieved through modifying the FolderRights parameter to the "doccab/doclist.jsp" endpoint, leading to arbitrary permission changes. Alternatively, modifying the UserIndex parameter to the "doccab/userprofile/editprofile.jsp" endpoint allows selecting the settings page of an arbitrary user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.