Robin Rawson-Tetley Animal Shelter Manager (ASM) before 2.2.2 does not properly enforce the privileges of user accounts, which allows local users to bypass intended access restrictions by (1) opening unspecified screens, related to the "double click selector bug"; or modifying a (2) animal, (3) owner, (4) lost/found, (5) diary note, (6) owner donation, or (7) waiting list record, related to "change permissions" and the "new UI."
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2009-02-11 00:30
Updated : 2024-02-28 11:21
NVD link : CVE-2008-6109
Mitre link : CVE-2008-6109
CVE.ORG link : CVE-2008-6109
JSON object : View
Products Affected
shelter_manager
- animal_shelter_manager
CWE
CWE-264
Permissions, Privileges, and Access Controls