Arbitrary User Privilege Escalation in OpenKM 5.1.7 and Earlier Versions
CVE-2012-2315 · MEDIUM Severity
CVSS v2 vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges to arbitrary users via the userEdit action.