Vulnerability Details CVE-2005-4458
Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly reset the $IS_OWNER, $IS_ADMIN, and $IS_MANAGER global variables when performing checks for special privileges, which allows users to gain administrator privileges by adding themselves to the SITE_MGR group.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.017
EPSS Ranking 81.6%
CVSS Severity
CVSS v2 Score 9.0
References
- http://archives.neohapsis.com/archives/fulldisclosure/2005-12/1012.html
- http://secunia.com/advisories/18137
- http://securityreason.com/securityalert/287
- http://www.metadot.com/metadot/index.pl?iid=2632
- http://www.osvdb.org/22014
- http://www.securityfocus.com/archive/1/420002/100/0/threaded
- http://www.securityfocus.com/bid/15975
- http://www.vupen.com/english/advisories/2005/3030
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23847
- http://archives.neohapsis.com/archives/fulldisclosure/2005-12/1012.html
- http://secunia.com/advisories/18137
- http://securityreason.com/securityalert/287
- http://www.metadot.com/metadot/index.pl?iid=2632
- http://www.osvdb.org/22014
- http://www.securityfocus.com/archive/1/420002/100/0/threaded
- http://www.securityfocus.com/bid/15975
- http://www.vupen.com/english/advisories/2005/3030
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23847
Products affected by CVE-2005-4458
-
cpe:2.3:a:metadot:metadot_portal_server:5.5.2.1
-
cpe:2.3:a:metadot:metadot_portal_server:5.6.4
-
cpe:2.3:a:metadot:metadot_portal_server:5.6.4.1
-
cpe:2.3:a:metadot:metadot_portal_server:5.6.4.2
-
cpe:2.3:a:metadot:metadot_portal_server:5.6.4.3
-
cpe:2.3:a:metadot:metadot_portal_server:5.6.5
-
cpe:2.3:a:metadot:metadot_portal_server:5.6.5.1
-
cpe:2.3:a:metadot:metadot_portal_server:5.6.5.2
-
cpe:2.3:a:metadot:metadot_portal_server:5.6.5.3
-
cpe:2.3:a:metadot:metadot_portal_server:5.6.5.3.1
-
cpe:2.3:a:metadot:metadot_portal_server:5.6.5.4b5
-
cpe:2.3:a:metadot:metadot_portal_server:5.6.6
-
cpe:2.3:a:metadot:metadot_portal_server:6.4
-
cpe:2.3:a:metadot:metadot_portal_server:6.4.1
-
cpe:2.3:a:metadot:metadot_portal_server:6.4.2
-
cpe:2.3:a:metadot:metadot_portal_server:6.4.3
-
cpe:2.3:a:metadot:metadot_portal_server:6.4.4