PicoFlat CMS Multiple Remote Security Bypass Vulnerabilities
BID:26362
Info
PicoFlat CMS Multiple Remote Security Bypass Vulnerabilities
| Bugtraq ID: | 26362 |
| Class: | Access Validation Error |
| CVE: |
CVE-2007-5920 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 24 2007 12:00AM |
| Updated: | Nov 20 2007 07:04PM |
| Credit: | The vendor disclosed these issues. |
| Vulnerable: |
PicoFlat CMS PicoFlat CMS 0.4.14 PicoFlat CMS PicoFlat CMS 0.4.5 |
| Not Vulnerable: |
PicoFlat CMS PicoFlat CMS 0.4.18 |
Discussion
PicoFlat CMS Multiple Remote Security Bypass Vulnerabilities
PicoFlat CMS is prone to multiple security-bypass vulnerabilities because the application fails to properly validate user privileges.
An unprivileged attacker may exploit these issues to bypass certain security restrictions and gain access to perform certain actions.
These issues affect versions prior to PicoFlat CMS 0.4.18.
PicoFlat CMS is prone to multiple security-bypass vulnerabilities because the application fails to properly validate user privileges.
An unprivileged attacker may exploit these issues to bypass certain security restrictions and gain access to perform certain actions.
These issues affect versions prior to PicoFlat CMS 0.4.18.
Exploit / POC
PicoFlat CMS Multiple Remote Security Bypass Vulnerabilities
Attackers can use a browser to exploit these issues.
Attackers can use a browser to exploit these issues.
Solution / Fix
PicoFlat CMS Multiple Remote Security Bypass Vulnerabilities
Solution:
The vendor has released PicoFlat CMS 0.4.18 to address these issues. Please see the references for more information.
PicoFlat CMS PicoFlat CMS 0.4.14
PicoFlat CMS PicoFlat CMS 0.4.5
Solution:
The vendor has released PicoFlat CMS 0.4.18 to address these issues. Please see the references for more information.
PicoFlat CMS PicoFlat CMS 0.4.14
-
PicoFlat CMS PicoFlatCMS_24102007.0.4.18.tar.gz
http://downloads.sourceforge.net/picoflatcms/PicoFlatCMS_24102007.0.4. 18.tar.gz?modtime=1193255741&big_mirror=0
PicoFlat CMS PicoFlat CMS 0.4.5
-
PicoFlat CMS PicoFlatCMS_24102007.0.4.18.tar.gz
http://downloads.sourceforge.net/picoflatcms/PicoFlatCMS_24102007.0.4. 18.tar.gz?modtime=1193255741&big_mirror=0
References
PicoFlat CMS Multiple Remote Security Bypass Vulnerabilities
References:
References:
- PicoFlat CMS 0.4.18 Release Notes (PicoFlat CMS)
- PicoFlat CMS Homepage (PicoFlat CMS)