PT-2009-1584 · Robin Rawson Tetley · Robin Rawson-Tetley Animal Shelter Manager

Published: 2009-02-11 · Updated: 2017-08-08 · CVE-2008-6109

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Robin Rawson-Tetley Animal Shelter Manager (ASM) versions prior to 2.2.2

Description

The issue concerns improper enforcement of user account privileges, allowing local users to bypass access restrictions. This can be achieved by opening unspecified screens, related to the "double click selector bug", or by modifying specific records, including animal, owner, lost/found, diary note, owner donation, or waiting list records, related to "change permissions" and the "new UI".

Recommendations

For versions prior to 2.2.2, update to version 2.2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive screens and records to minimize the risk of exploitation. Avoid using the "change permissions" feature in the new UI until the issue is resolved.


Related Identifiers

CVE-2008-6109

Affected Products

Robin Rawson-Tetley Animal Shelter Manager