Summary
This host is running Magnolia CMS and is prone to an access bypass vulnerability.
Impact
Successful exploitation will allow attackers to bypass certain security restrictions, obtain sensitive information and perform unauthorized actions.
Impact Level: Application
Solution
Upgrade to Magnolia CMS 4.5.9 or later.
For updates, refer to http://www.magnolia-cms.com
Insight
The flaw allows non-administrator users to view the contents of the magnoliaPublic/.magnolia/log4j, /pages/logViewer.html, /pages/configuration.html, /pages/sendMail.html, /pages/permission.html, /pages/installedModulesList.html, and /pages/jcrUtils.html pages.
Affected
Magnolia CMS version 4.5.8 and prior
References
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2013-4621
- CVSS Base Score: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apache Struts2 showcase namespace XSS Vulnerability
- Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
- Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability
- A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability
- Adobe ColdFusion Multiple Path Disclosure Vulnerabilities