Sharetronix 3.1.1.3, 3.1.1, and earlier does not properly restrict access to unspecified AJAX functionality, which allows remote attackers to bypass authentication via unknown vectors.