The Admin Control Panel in Rianxosencabos CMS 0.9 does not require administrator privileges, which allows remote authenticated users to (1) change a user's privileges, (2) delete a user account, or perform unspecified other administrative actions via vectors involving an admin lista action to the default URI, possibly related to useradmin.php.
References
Configurations
History
No history.
Information
Published : 2008-09-25 19:25
Updated : 2024-02-28 11:21
NVD link : CVE-2008-4245
Mitre link : CVE-2008-4245
CVE.ORG link : CVE-2008-4245
JSON object : View
Products Affected
rianxosencabos_cms
- rianxosencabos_cms
CWE
CWE-264
Permissions, Privileges, and Access Controls