VID 21320
Severity 40
Port 80, ...
Protocol TCP
Class CGI
Detailed Description The OpenDocMan version installed on the web server has an access bypass vulnerability.
OpenDocMan is a web-based document management system designed to comply with ISO 17025 and the OIE standard for document management. A missing authentication check in "commitchange.php" could allow users to make unauthorized changes.
By exploiting this vulnerability, a remote attacker could gain administrator privileges in the application without proper authorization and could delete all user accounts, denying access to legitimate users.

* Note: This check relies solely on the version of the remote OpenDocMan program installed on the web server to assess this vulnerability, so the result might be a false positive.

* References:
http://archives.neohapsis.com/archives/secunia/2004-q3/0150.html

* Platforms Affected:
OpenDocMan 1.0
OpenDocMan 1.1
Recommendation Upgrade to version 1.2-Final or the latest version, in which this issue is fixed, available from the OpenDocMan Download page at http://prdownloads.sourceforge.net/opendocman/opendocman-1.2.tar.gz?download
Related URL 10807 (SecurityFocus)