Description
Ektron is a privately held software company based in Nashua, New Hampshire. It provides web
content management and customer experience management software. Ektron's primary
product is Ektron Web Content Management, which is built on the Microsoft .NET Framework.
By directly accessing the page located at /WorkArea/edituserprofile.aspx, an attacker can hijack the admin or builtin account and compromise the system.
Remediation
Upgrade to the latest version of Ektron CMS.
References
Related Vulnerabilities
WordPress Plugin Search Exclude Security Bypass (1.2.2)
WordPress Plugin TheCartPress eCommerce Shopping Cart Order Information Security Bypass (1.1.9.2)
Spring Security Authentication Bypass
WordPress Plugin Cookie Information-Free GDPR Consent Solution Security Bypass (2.0.22)
WordPress Plugin MAC PHOTO GALLERY Multiple Security Bypass Vulnerabilities (3.0)