SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  OpenKM userEdit Privilege Escalation

Category: MISC      

admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges to arbitrary users via the userEdit action.

References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2315


Relevant Information