PT-2009-4224 · Exjune · Exjune Office Message System

Byalbayx

Published

2009-05-21

Updated

2017-09-29

CVE-2009-1752

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: exJune Office Message System version 1

Description: The issue is related to improper access restriction to certain API endpoints, specifically "configure.asp" and "addmessage2.asp", allowing remote attackers to gain privileges via a direct request.

Recommendations: For exJune Office Message System version 1, restrict access to the "configure.asp" and "addmessage2.asp" endpoints to prevent unauthorized privilege escalation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2009-1752

Affected Products

Exjune Office Message System

PT-2009-4224 · Exjune · Exjune Office Message System

CVE-2009-1752

Weakness Enumeration

Related Identifiers

Affected Products

References · 4