CVE-2018-12596

Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the "activateuser.aspx" page, even if a page is located under the /WorkArea/ path, which is forbidden (normally available exclusively for local admins).
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:episerver:ektron_cms:9.00:-:*:*:*:*:*:*
cpe:2.3:a:episerver:ektron_cms:9.00:sp1:*:*:*:*:*:*
cpe:2.3:a:episerver:ektron_cms:9.00:sp2:*:*:*:*:*:*
cpe:2.3:a:episerver:ektron_cms:9.10:-:*:*:*:*:*:*
cpe:2.3:a:episerver:ektron_cms:9.10:sp1:*:*:*:*:*:*
cpe:2.3:a:episerver:ektron_cms:9.10:sp2:*:*:*:*:*:*
cpe:2.3:a:episerver:ektron_cms:9.20:-:*:*:*:*:*:*
cpe:2.3:a:episerver:ektron_cms:9.20:sp1:*:*:*:*:*:*

History

21 Nov 2024, 03:45

Type Values Removed Values Added
References () http://seclists.org/fulldisclosure/2018/Oct/15 - Exploit, Mitigation, Mailing List, Patch, Third Party Advisory () http://seclists.org/fulldisclosure/2018/Oct/15 - Exploit, Mailing List, Mitigation, Patch, Third Party Advisory
References () https://github.com/alt3kx/CVE-2018-12596 - Exploit, Patch, Third Party Advisory () https://github.com/alt3kx/CVE-2018-12596 - Exploit, Patch, Third Party Advisory
References () https://medium.com/%40alt3kx/ektron-content-management-system-cms-9-20-sp2-remote-re-enabling-users-cve-2018-12596-bdf1e3a05158 - () https://medium.com/%40alt3kx/ektron-content-management-system-cms-9-20-sp2-remote-re-enabling-users-cve-2018-12596-bdf1e3a05158 -
References () https://www.exploit-db.com/exploits/45577/ - Exploit, Mitigation, Patch, Third Party Advisory, VDB Entry () https://www.exploit-db.com/exploits/45577/ - Exploit, Mitigation, Patch, Third Party Advisory, VDB Entry

07 Nov 2023, 02:52

Type Values Removed Values Added
References
  • {'url': 'https://medium.com/@alt3kx/ektron-content-management-system-cms-9-20-sp2-remote-re-enabling-users-cve-2018-12596-bdf1e3a05158', 'name': 'https://medium.com/@alt3kx/ektron-content-management-system-cms-9-20-sp2-remote-re-enabling-users-cve-2018-12596-bdf1e3a05158', 'tags': ['Exploit', 'Patch', 'Third Party Advisory'], 'refsource': 'MISC'}
  • () https://medium.com/%40alt3kx/ektron-content-management-system-cms-9-20-sp2-remote-re-enabling-users-cve-2018-12596-bdf1e3a05158 -

Information

Published : 2018-10-10 21:29

Updated : 2024-11-21 03:45


NVD link : CVE-2018-12596

Mitre link : CVE-2018-12596

CVE.ORG link : CVE-2018-12596


JSON object : View

Products Affected

episerver

  • ektron_cms
CWE
CWE-269

Improper Privilege Management