ID CVE-2018-12596
Summary Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the "activateuser.aspx" page, even if a page is located under the /WorkArea/ path, which is forbidden (normally available exclusively for local admins).
CVSS
Base: None
Impact:
Exploitability:
exploit-db via4
description Ektron CMS 9.20 SP2 - Improper Access Restrictions. CVE-2018-12596. Webapps exploit for ASPX platform
file exploits/aspx/webapps/45577.txt
id EDB-ID:45577
last seen 2018-10-10
modified 2018-10-10
platform aspx
port
published 2018-10-10
reporter Exploit-DB
source https://www.exploit-db.com/download/45577/
title Ektron CMS 9.20 SP2 - Improper Access Restrictions
type webapps
packetstorm via4
data source https://packetstormsecurity.com/files/download/149734/ektroncms920sp2-access.txt
id PACKETSTORM:149734
last seen 2018-10-11
published 2018-10-10
reporter Alt3kx
source https://packetstormsecurity.com/files/149734/Ektron-CMS-9.20-SP2-Improper-Access-Restrictions.html
title Ektron CMS 9.20 SP2 Improper Access Restrictions
refmap via4
fulldisc 20181008 Ektron Content Management System (CMS) 9.20 SP2, remote re-enabling users (CVE-2018-12596)
misc
Last major update 10-10-2018 - 17:29
Published 10-10-2018 - 17:29
Last modified 12-10-2018 - 06:29