Siteman User.PHP Unspecified Security Restriction Bypass Vulnerability

Bugtraq ID:	12558
Class:	Unknown
CVE:	CVE-2005-0305
Remote:	Yes
Local:	No
Published:	Feb 15 2005 12:00AM
Updated:	Jul 12 2009 10:06AM
Credit:	This vulnerability was reported by the vendor.
Vulnerable:	Siteman Siteman 1.1.10 Siteman Siteman 1.1.9 Siteman Siteman 1.1.1
Not Vulnerable:

Siteman User.PHP Unspecified Security Restriction Bypass Vulnerability

Siteman is reported prone to an unspecified security restriction bypass vulnerability.

The issue may be exploited by a remote attacker to gain 'site owner' (Level 5 member) privileges.

It is reported that this vulnerability exists in Siteman versions from 1.1.0 to 1.1.10.

Siteman User.PHP Unspecified Security Restriction Bypass Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Siteman User.PHP Unspecified Security Restriction Bypass Vulnerability

Solution:
The vendor has released a patch to address this vulnerability.


Siteman Siteman 1.1.10

• Siteman 1.1.10x_patch.zip
  http://prdownloads.sourceforge.net/sitem/1.1.10x_patch.zip?download

Siteman User.PHP Unspecified Security Restriction Bypass Vulnerability

References:

• Release Name: 1.1.10x_patch (Siteman)
  
• Siteman Homepage (Siteman)