Vulnerabilities

CVE-2005-4458

by Fred · 21/12/2005

Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly reset the $IS_OWNER, $IS_ADMIN, and $IS_MANAGER global variables when performing checks for special privileges, which allows users to gain administrator privileges by adding themselves to the SITE_MGR group.

Date published : 2005-12-21

http://www.securityfocus.com/bid/15975

http://www.securityfocus.com/archive/1/420002/100/0/threaded

Similar

Tags: Cybersecurity Alert