Ektron Content Management System (CMS) 9.20 SP2, remote re-enabling users (CVE-2018-12596)

alt3kx/CVE-2018-12596

CVE-2018-12596

Ektron CMS 9.20 SP2 allows remote attackers to call ASPX pages through the "activateuser.aspx" page, even when the target page is located under the /WorkArea/ path, which is forbidden to remote users (normally available exclusively to local admins).

Exploit-DB publication at https://www.exploit-db.com/exploits/45577/
PacketStorm publication at https://packetstormsecurity.com/files/149734/Ektron-CMS-9.20-SP2-Improper-Access-Restrictions.html
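
To check whether a site was probed before the patch went in, the sketch below scans IIS W3C logs for requests to "activateuser.aspx" and for /WorkArea/ pages served to non-admin sources. It is an added example, not code from this repository or from the vendor; the admin networks, the log field list, and every path and address in the sample are constructed assumptions.

```python
import ipaddress

# Assumption: networks from which admin access is legitimate (adjust per site).
ADMIN_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "::1/128", "10.0.0.0/8")]
TARGET_PAGE = "activateuser.aspx"   # page named in the advisory
ADMIN_PREFIX = "/workarea/"         # restricted path named in the advisory

# Constructed sample in IIS W3C extended format; paths and IPs are illustrative only.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2018-06-08 10:01:12 10.0.0.5 GET /WorkArea/admin-page.aspx - 200
2018-06-08 10:02:40 203.0.113.7 GET /cms/activateuser.aspx - 200
2018-06-08 10:03:05 203.0.113.7 GET /WorkArea/admin-page.aspx - 403
2018-06-08 10:03:30 203.0.113.7 GET /WorkArea/admin-page.aspx - 200
2018-06-08 10:04:19 198.51.100.23 POST /CMS/ActivateUser.aspx - 302
2018-06-08 10:05:00 203.0.113.7 GET /default.aspx - 200
"""

def is_admin_source(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # an unparsable client address is treated as untrusted
    return any(ip in net for net in ADMIN_NETS)

def find_suspicious(log_text):
    """Return (reason, date, time, client IP, URI stem, status) tuples to review."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # IIS may change the field list mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        stem = row.get("cs-uri-stem", "").lower()
        status = row.get("sc-status", "")
        if is_admin_source(row.get("c-ip", "")):
            continue
        if stem.rsplit("/", 1)[-1] == TARGET_PAGE:
            reason = "activateuser-from-external"
        elif stem.startswith(ADMIN_PREFIX) and status[:1] in ("2", "3"):
            reason = "workarea-served-to-external"   # 4xx means the block held
        else:
            continue
        hits.append((reason, row.get("date"), row.get("time"),
                     row.get("c-ip"), row.get("cs-uri-stem"), status))
    return hits
```

Call `find_suspicious()` on the text of each log file; a `workarea-served-to-external` finding close in time to an `activateuser-from-external` one from the same client is the pattern to investigate first.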

Timeline

================
2018-06-08: Discovered
2018-06-11: Retest staging environment
2018-06-12: Retest live environment
2018-06-19: Internal communication
2018-06-21: Vendor notification
2018-06-21: Vendor feedback
2018-06-29: Vendor feedback: product will be patched
2018-06-29: Patch available
2018-06-29: Agreement with the vendor to publish the CVE/Advisory
2018-07-30: Internal communication
2018-09-15: Patches tested on LAB environment
2018-10-08: Public report

Episerver (Ektron Product 9.20 SP2) Patch and credits:

https://support.episerver.com/hc/en-us/articles/115002828112-9-2-SP2-Site-Update

[Image: vendor_patch_29 jun 18]

Author

Alex Hernandez aka (@_alt3kx_)
My current exploit list @exploit-db: https://www.exploit-db.com/author/?a=1074
CVE-2018-12596 with sexy screens here: https://medium.com/@alt3kx
