PT-2018-4183 · Opendocman · Opendocman

Published

2018-04-10

Updated

2019-04-26

CVE-2014-1946

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions OpenDocMan versions 1.2.7 and earlier

Description The issue allows remote authenticated users to bypass intended access restrictions. This is due to improper validation of allowed actions, enabling users to assign administrative privileges to themselves via a crafted request to "signup.php".

Recommendations For OpenDocMan versions 1.2.7 and earlier, update to a version that properly validates user actions to prevent unauthorized privilege escalation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2014-1946

Affected Products

Opendocman

PT-2018-4183 · Opendocman · Opendocman

CVE-2014-1946

Weakness Enumeration

Related Identifiers

Affected Products

References · 5