Group.pm in Metadot Portal Server 6.4.4 and previous versions does not properly reset the $IS_OWNER, $IS_ADMIN, and $IS_MANAGER global variables when performing checks for special privileges, which allows users to gain administrator privileges by adding themselves to the SITE_MGR group.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
metadot metadot portal server 5.5.2.1 |
||
metadot metadot portal server 5.6.4.2 |
||
metadot metadot portal server 5.6.4.3 |
||
metadot metadot portal server 5.6.6 |
||
metadot metadot portal server 6.4 |
||
metadot metadot portal server 5.6.5 |
||
metadot metadot portal server 5.6.5.1 |
||
metadot metadot portal server 6.4.1 |
||
metadot metadot portal server 6.4.2 |
||
metadot metadot portal server 5.6.4 |
||
metadot metadot portal server 5.6.4.1 |
||
metadot metadot portal server 5.6.5.3.1 |
||
metadot metadot portal server 5.6.5.4b5 |
||
metadot metadot portal server 5.6.5.2 |
||
metadot metadot portal server 5.6.5.3 |
||
metadot metadot portal server 6.4.3 |
||
metadot metadot portal server 6.4.4 |