Description

Ektron is a privately held software company based in Nashua, New Hampshire. It provides web content management and customer experience management software. Ektron's primary product is Ektron Web Content Management, which is built on the Microsoft .NET Framework.

By directly accessing the page located at /WorkArea/edituserprofile.aspx, an attacker can hijack the admin or builtin account and compromise the system.

Remediation

Upgrade to the latest version of Ektron CMS.

References

Ektron CMS Take Over

Related Vulnerabilities

WordPress Plugin Simple Social Media Share Buttons-Social Sharing for Everyone Privilege Escalation (2.0.21)

WordPress Plugin WP-Invoice-Web Invoice and Billing Multiple Vulnerabilities (4.1.0)

WordPress Plugin WP e-Commerce-Store Exporter Privilege Escalation (1.6.6)

Oracle Business Intelligence AuthBypass CVE-2019-2768

WordPress Plugin Jigoshop-Store Toolkit Privilege Escalation (1.3.8)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Authentication Bypass Insecure Admin Access