CVE-2012-2315

Published: 09/09/2012 Updated: 29/08/2017
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
VMScore: 405
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Vulnerability Summary

admin/Auth in OpenKM 5.1.7 and other versions prior to 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges to arbitrary users via the userEdit action.

Vulnerable Product

openkm openkm

openkm openkm 5.1.8

Exploits

########################################################################
#
# COMPASS SECURITY ADVISORY www.csnc.ch/
########################################################################
#
# ID: COMPASS-2012-002
# Product: OpenKM Document Management System 5.1.7 [1]
# Vendor: OpenKM www.openkm.com/
# Subject: Cross-site ...