Vulnerability Details CVE-2014-1946
OpenDocMan 1.2.7 and earlier does not properly validate allowed actions, which allows remote authenticated users to bypass an intended access restrictions and assign administrative privileges to themselves via a crafted request to signup.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- http://www.securityfocus.com/archive/1/531351/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91577
- https://www.htbridge.com/advisory/HTB23202
- http://www.securityfocus.com/archive/1/531351/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91577
- https://www.htbridge.com/advisory/HTB23202
Products affected by CVE-2014-1946
-
cpe:2.3:a:opendocman:opendocman:1.2.6
-
cpe:2.3:a:opendocman:opendocman:1.2.6.2
-
cpe:2.3:a:opendocman:opendocman:1.2.6.3
-
cpe:2.3:a:opendocman:opendocman:1.2.6.5
-
cpe:2.3:a:opendocman:opendocman:1.2.6.6
-
cpe:2.3:a:opendocman:opendocman:1.2.6.7
-
cpe:2.3:a:opendocman:opendocman:1.2.6.8
-
cpe:2.3:a:opendocman:opendocman:1.2.7