Arbitrary User Privilege Escalation in OpenKM 5.1.7 and Earlier Versions

CVE-2012-2315 · MEDIUM Severity

AV:N/AC:L/AU:S/C:N/I:P/A:N

admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges to arbitrary users via the userEdit action.