CVSSv3: 9.8

CVE-2018-12596

Published: 10/10/2018 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 755
CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, and 9.2 before SP2 Site CU 22 allow remote attackers to invoke .aspx pages through the "activateuser.aspx" page, even when the target page is located under the /WorkArea/ path. Direct access to /WorkArea/ is normally forbidden to remote users and reserved for local administrators, so the bypass exposes administrative functionality without authentication.
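Two checks a practitioner would want after reading the summary above, written here as an added example (not code from Vulmon, Episerver or the alt3kx advisory): a version comparison against the three fixed levels named in the summary, and a web-server log triage that flags the described pattern. The page does not name the query-string parameter that activateuser.aspx uses to select the target page, nor the directory activateuser.aspx itself lives in, so the log check looks for any reference to /WorkArea/ in the query string of a request to activateuser.aspx (an assumption) and, separately, for remote requests that reached /WorkArea/ directly and were served. The sample log entries and the "page=" parameter are constructed for the demonstration.

```python
"""Triage helpers for CVE-2018-12596 (Episerver Ektron CMS, activateuser.aspx access bypass).

Added example; not code from Vulmon, Episerver or the advisory author. Assumptions:
  - the query parameter carrying the target page is unknown, so any "/WorkArea/" in the
    query of an activateuser.aspx request is treated as suspicious;
  - the sample log entries below are constructed, not real traffic.
"""
import ipaddress
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote_plus, urlsplit

# Fixed levels from the vulnerability summary, keyed by branch: (service pack, Site CU)
FIXED = {
    "9.0": (3, 31),  # 9.0 SP3 Site CU 31
    "9.1": (3, 45),  # 9.1 SP3 Site CU 45
    "9.2": (2, 22),  # 9.2 SP2 Site CU 22
}

# Accepts "9.2 SP2 Site CU 22", "9.20 SP2", "9.1 sp3 cu45", ...; CU defaults to 0 when absent.
VERSION_RE = re.compile(
    r"^\s*9\.(?P<minor>[012])0?\s*SP\s*(?P<sp>\d+)(?:\s*(?:Site\s*)?CU\s*(?P<cu>\d+))?\s*$",
    re.IGNORECASE,
)


def parse_version(version: str) -> Optional[Tuple[str, int, int]]:
    """Return (branch, sp, cu), or None if the string is not a 9.x version covered by the advisory."""
    m = VERSION_RE.match(version)
    if not m:
        return None
    return "9." + m.group("minor"), int(m.group("sp")), int(m.group("cu") or 0)


def is_vulnerable(version: str) -> Optional[bool]:
    """True if below the fixed level for its branch, False if at or above it, None if unparseable."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    branch, sp, cu = parsed
    return (sp, cu) < FIXED[branch]


def triage_request(src_ip: str, url: str, status: int) -> Optional[str]:
    """Return a reason string when a logged request matches the bypass pattern, else None."""
    parts = urlsplit(url)
    path = unquote_plus(parts.path).lower()    # decode %2F etc. before matching
    query = unquote_plus(parts.query).lower()
    remote = not ipaddress.ip_address(src_ip).is_loopback
    # Pattern from the summary: activateuser.aspx used to reach a page under /WorkArea/
    if path.endswith("/activateuser.aspx") and "workarea" in query:
        return "activateuser.aspx referencing /WorkArea/ (CVE-2018-12596 pattern)"
    # /WorkArea/ is meant for local admins; a remote request that was served deserves a look
    if "/workarea/" in path and remote and status == 200:
        return "remote request to /WorkArea/ served with 200"
    return None


# Constructed sample entries (src, url, status). The "page=" parameter name is assumed.
SAMPLE_LOG = [
    ("203.0.113.5", "/activateuser.aspx?page=%2FWorkArea%2Fadmin.aspx", 200),
    ("203.0.113.5", "/WorkArea/admin.aspx", 200),
    ("127.0.0.1", "/WorkArea/admin.aspx", 200),
    ("198.51.100.7", "/activateuser.aspx?id=42", 200),
    ("198.51.100.7", "/default.aspx", 200),
]


def triage_log(entries=SAMPLE_LOG) -> List[Tuple[str, str, str]]:
    """Return [(src, url, reason)] for every entry that matches a check."""
    hits = []
    for src, url, status in entries:
        reason = triage_request(src, url, status)
        if reason:
            hits.append((src, url, reason))
    return hits


if __name__ == "__main__":
    for v in ("9.2 SP2", "9.20 SP2 Site CU 22", "9.0 SP3 CU 30", "9.1 SP3 Site CU 45", "10.0 SP1"):
        print(f"{v!r:28} vulnerable={is_vulnerable(v)}")
    for hit in triage_log():
        print(hit)
```

The version check treats a missing CU as CU 0, so "9.20 SP2" (the level the exploit below targets) is reported vulnerable while "9.2 SP2 Site CU 22" is not. Feed triage_request() from your own IIS or proxy logs; the loopback test is what separates legitimate local-admin use of /WorkArea/ from remote hits.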

Vulnerable Products

episerver ektron cms 9.00

episerver ektron cms 9.10

episerver ektron cms 9.20

Exploits

Details
Software: Ektron Content Management System (CMS)
Version: 9.20 SP2
Homepage: www.episerver.com
Advisory report: github.com/alt3kx/CVE-2018-12596
CVE: CVE-2018-12596
CVSS: 7.5 (HIGH: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CWE-284
Description: Ektron CMS 9.20 SP2 allows remote attackers to enab ...
Note that the advisory rates the issue 7.5 with a confidentiality-only v3 vector (C:H/I:N/A:N), whereas the database headline score above is 9.8, which corresponds to high impact on confidentiality, integrity and availability; the two ratings on this page do not agree.
Ektron CMS version 9.20 SP2 suffers from an improper access restriction vulnerability ...

GitHub Repositories

Ektron Content Management System (CMS) 9.20 SP2, remote re-enabling users (CVE-2018-12596)

CVE-2018-12596: Ektron CMS 9.20 SP2 allows remote attackers to call .aspx pages via the "activateuser.aspx" page, even if a page is located under the /WorkArea/ path, which is forbidden (normally available exclusively for local admins). Exploit-DB publication at www.exploit-db.com/exploits/45577/. PacketStorm publication at packetstormsecurity.com/files/