Full Disclosure mailing list archives
[CVE-2018-18941] Security Vulnerability in Vignette Content Management version 6
From: Rafael Pedrero <rafael.pedrero () gmail com>
Date: Tue, 6 Nov 2018 07:58:31 +0100
Some time ago I discovered some vulnerabilities and did not report them over 2003 to 2010, the time came, better late than never :-D <!-- # Exploit Title: Security Bypass Vulnerability in Vignette Content Management version 6 # Date: 05-11-2018 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.vignette.com/ # Software Link: http://www.vignette.com/ # Version: Vignette Content Management version 6 # Tested on: all # CVE : CVE-2018-18941 # Category: webapps 1. Description In Vignette Content Management version 6, it's possible to gain administrator privileges by discovering the admin password in the vgn/ccb/user/mgmt/user/edit/0,1628,0,00.html?uid=admin HTML source code, and then creating a privileged user account. 2. Proof of Concept http://X.X.X.X/vgn/ccb/user/mgmt/user/edit/0,1628,0,00.html?uid=admin. Once you authenticate you change the user by the administrator (uid = admin) and you will see the asterisks in the password field that you can use to authenticate later and create administrator users or modify any feature of the CMS. I discovered this vulnerability in 2005. 3. Solution: The product is discontinued. Update to last version this product. See more in http://www.vignette.com ( https://en.wikipedia.org/wiki/Vignette_Corporation)
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- [CVE-2018-18941] Security Vulnerability in Vignette Content Management version 6 Rafael Pedrero (Nov 09)