Vignette Content Management 6 Security Bypass

Risk: Medium
Local: Yes
Remote: No
CWE: CWE-255

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

<!-- # Exploit Title: Security Bypass Vulnerability in Vignette Content Management version 6 # Date: 05-11-2018 # Exploit Author: Rafael Pedrero # Vendor Homepage: # Software Link: # Version: Vignette Content Management version 6 # Tested on: all # CVE : CVE-2018-18941 # Category: webapps 1. Description In Vignette Content Management version 6, it's possible to gain administrator privileges by discovering the admin password in the vgn/ccb/user/mgmt/user/edit/0,1628,0,00.html?uid=admin HTML source code, and then creating a privileged user account. 2. Proof of Concept http://X.X.X.X/vgn/ccb/user/mgmt/user/edit/0,1628,0,00.html?uid=admin. Once you authenticate you change the user by the administrator (uid = admin) and you will see the asterisks in the password field that you can use to authenticate later and create administrator users or modify any feature of the CMS. I discovered this vulnerability in 2005. 3. Solution: The product is discontinued. Update to last version this product. See more in ( >

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019,


Back to Top