Magnolia CMS Access Bypass Vulnerability Network Vulnerability

Summary

This host is running Magnolia CMS and is prone to access bypass vulnerability.

Impact

Successful exploitation will allow attackers to bypass certain security restrictions, obtain sensitive information and perform unauthorized actions. Impact Level: Application

Solution

Upgrade to Magnolia CMS 4.5.9 or later, For updates refer to http://www.magnolia-cms.com

Insight

The flaw allows non-administrator users to view contents from magnoliaPublic/.magnolia/log4j, /pages/logViewer.html, /pages/configuration.html, /pages/sendMail.html, /pages/permission.html, /pages/installedModulesList.html, and /pages/jcrUtils.html pages.

Affected

Magnolia CMS version 4.5.8 and prior

References

http://seclists.org/fulldisclosure/2013/Jun/202
http://www.osvdb.org/94547

Updated on 2017-03-28

Severity

Classification

CVE CVE-2013-4621

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability
Apache Rave User Information Disclosure Vulnerability
Apache Subversion Module Metadata Accessible
Apache Tomcat Login Constraints Security Bypass Vulnerability

Take action and discover your vulnerabilities