Xaraya Roles Module Form Handler Security Bypass Vulnerability
BID:23631
Info
Xaraya Roles Module Form Handler Security Bypass Vulnerability
| Bugtraq ID: | 23631 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 24 2007 12:00AM |
| Updated: | Apr 24 2007 10:20PM |
| Credit: | The vendor reported this issue. |
| Vulnerable: |
Xaraya Xaraya 1.1.2 Xaraya Xaraya 1.1.1 Xaraya Xaraya 1.1 Xaraya Xaraya 1.0.2 Xaraya Xaraya 1.0.1 Xaraya Xaraya 1.0 RC4 Xaraya Xaraya 1.0 RC3 Xaraya Xaraya 1.0 RC2 Xaraya Xaraya 1.0 RC1 Xaraya Xaraya 1.0 |
| Not Vulnerable: |
Xaraya Xaraya 1.1.3 |
Discussion
Xaraya Roles Module Form Handler Security Bypass Vulnerability
Xaraya is prone to a vulnerability that will let attackers gain administrative access to the application.
Successful exploits may result in a complete compromise of vulnerable applications.
This issue affects versions of Xaraya prior to 1.1.3.
Xaraya is prone to a vulnerability that will let attackers gain administrative access to the application.
Successful exploits may result in a complete compromise of vulnerable applications.
This issue affects versions of Xaraya prior to 1.1.3.
Exploit / POC
Xaraya Roles Module Form Handler Security Bypass Vulnerability
Attackers can exploit this issue via a browser.
Attackers can exploit this issue via a browser.
Solution / Fix
Xaraya Roles Module Form Handler Security Bypass Vulnerability
Solution:
The vendor released an update to address this issue. Please see the references for more information.
Solution:
The vendor released an update to address this issue. Please see the references for more information.
References
Xaraya Roles Module Form Handler Security Bypass Vulnerability
References:
References:
- Xaraya Home Page (Xaraya)
- Xaraya Release Notes Version 1.1.3 (Xaraya)