Skip to content

alt3kx/CVE-2018-12596

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 

CVE-2018-12596

Ektron CMS 9.20 SP2 allows remote attackers to call aspx pages via the "activateuser.aspx" page, even if a page is located under the /WorkArea/ path, which is forbidden (normally available exclusively for local admins).

Exploit-DB publication at https://www.exploit-db.com/exploits/45577/
PacketStorm publication at https://packetstormsecurity.com/files/149734/Ektron-CMS-9.20-SP2-Improper-Access-Restrictions.html

Timeline

================
2018–06–08: Discovered
2018–06–11: Retest staging environment
2018–06–12: Restes live environment
2018–06–19: Internal communication
2018–06–21: Vendor notification
2018–06–21: Vendor feedback
2018–06–29: Vendor feedback product will be patched
2018–06–29: Patch available
2018–06–29: Agrements with the vendor to publish the CVE/Advisory
2018–07–30: Internal communication
2018–09–15: Patches tested on LAB environment
2018–10–08: Public report

Episerver (Ektron Product 9.20 SP2) Patch and credits:

https://support.episerver.com/hc/en-us/articles/115002828112-9-2-SP2-Site-Update

vendor_patch_29 jun 18

Author

Alex Hernandez aka (@_alt3kx_)
My current exploit list @exploit-db: https://www.exploit-db.com/author/?a=1074
CVE-2018-12596 with sexy screens here: https://medium.com/@alt3kx

About

Ektron Content Management System (CMS) 9.20 SP2, remote re-enabling users (CVE-2018–12596)

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published