RSS   Vulnerabilities for 'Metadot portal server'   RSS

2005-12-21
 
CVE-2005-4458

CWE-Other
 

 
Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly reset the $IS_OWNER, $IS_ADMIN, and $IS_MANAGER global variables when performing checks for special privileges, which allows users to gain administrator privileges by adding themselves to the SITE_MGR group.

 


Copyright 2024, cxsecurity.com

 

Back to Top