CVE-2016-15002

Published: Jun 9, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability, which was classified as critical, was found in MONyog Ultimate 6.63. This affects an unknown part of the component Cookie Handler. The manipulation of the argument HasServerEdit/IsAdmin leads to privilege escalation. It is possible to initiate the attack remotely.

Affected (1)

Products: Ideracorp: Webyog Monyog Ultimate

1 product

Webyog Monyog Ultimate

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ideracorp Webyog Monyog Ultimate	Version 6.63

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Reliance on Cookies without Validation and Integrity Checking

The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.

References (4)

https://vuldb.com/?id.98355

Source: cna@vuldb.com

Third Party Advisory

https://youtu.be/KKlwi-u6wyA

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?id.98355

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://youtu.be/KKlwi-u6wyA

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.