Vignette Content Management 6 Security Bypass

2018.11.12
Credit: Rafael Pedrero
Risk: Medium
Local: Yes
Remote: No
CVE: CVE-2018-18941
CWE: CWE-255


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

<!-- # Exploit Title: Security Bypass Vulnerability in Vignette Content Management version 6 # Date: 05-11-2018 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.vignette.com/ # Software Link: http://www.vignette.com/ # Version: Vignette Content Management version 6 # Tested on: all # CVE : CVE-2018-18941 # Category: webapps 1. Description In Vignette Content Management version 6, it's possible to gain administrator privileges by discovering the admin password in the vgn/ccb/user/mgmt/user/edit/0,1628,0,00.html?uid=admin HTML source code, and then creating a privileged user account. 2. Proof of Concept http://X.X.X.X/vgn/ccb/user/mgmt/user/edit/0,1628,0,00.html?uid=admin. Once you authenticate you change the user by the administrator (uid = admin) and you will see the asterisks in the password field that you can use to authenticate later and create administrator users or modify any feature of the CMS. I discovered this vulnerability in 2005. 3. Solution: The product is discontinued. Update to last version this product. See more in http://www.vignette.com ( https://en.wikipedia.org/wiki/Vignette_Corporation) >


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top