CVE-2010-4215

Published: Nov 17, 2010Modified: Apr 29, 2026

6.5

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability: 8.0 / Impact: 6.4

Source: NVD

Description

UI/Manage.pm in Foswiki 1.1.0 and 1.1.1 allows remote authenticated users to gain privileges by modifying the GROUP and ALLOWTOPICCHANGE preferences in the topic preferences for Main.AdminGroup.

Affected (2)

Products: Foswiki: Foswiki

Foswiki

1 product

Foswiki

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Foswiki Foswiki	Version 1.1.0
Foswiki Foswiki	Version 1.1.1

Related CWEs

CWE-264

References (10)

http://foswiki.org/Support/SecurityAlertCVE20104215

Source: cve@mitre.org

PatchVendor Advisory

http://secunia.com/advisories/42275

Source: cve@mitre.org

Vendor Advisory

http://sourceforge.net/mailarchive/message.php?msg_name=4CD9F6F5.4030204%40lavrsen.dk

Source: cve@mitre.org

http://www.securityfocus.com/bid/44858

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/63253

Source: cve@mitre.org

http://foswiki.org/Support/SecurityAlertCVE20104215