admin/Auth in OpenKM 5.1.7 and other versions prior to 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges to arbitrary users via the userEdit action.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openkm openkm |
||
openkm openkm 5.1.8 |