Contelligent MoveSortedContentAction Security Bypass Vulnerability

Bugtraq ID:	22785
Class:	Design Error
CVE:	CVE-2007-1249
Remote:	Yes
Local:	No
Published:	Mar 02 2007 12:00AM
Updated:	May 12 2015 07:34PM
Credit:	The vendor reported this issue.
Vulnerable:	C1 Financial Services Contelligent 9.1.4
Not Vulnerable:	C1 Financial Services Contelligent 9.1.5

Contelligent MoveSortedContentAction Security Bypass Vulnerability

Contelligent is prone to a security-bypass vulnerability.

A remote attacker can exploit this issue to reorder certain components. This may lead to other attacks.

This issue affects versions prior to 9.1.5.

Contelligent MoveSortedContentAction Security Bypass Vulnerability

Attackers can use a browser to exploit this issue.

Contelligent MoveSortedContentAction Security Bypass Vulnerability

Solution:
The vendor has released version 9.1.5 to address this issue. Please see the references for more information.


C1 Financial Services Contelligent 9.1.4

• C1 Financial Services Contelligent 9.1.5
  http://www.contelligent.com/contell/cms/c1web/contelligent/site/contel ligent/downloads/index.html

Contelligent MoveSortedContentAction Security Bypass Vulnerability

References:

• Changelog: 9.1.4 - current (C1 Financial Services)
  
• Contelligent Product Page (C1 Financial Services)