CVE-2018-14836

Published: Aug 2, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Subrion 4.2.1 is vulnerable to Improper Access control because user groups not having access to the Admin panel are able to access it (but not perform actions) if the Guests user group has access to the Admin panel.

Affected (1)

Products: Subrion: Subrion Cms

Subrion

1 product

Subrion Cms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Subrion Subrion Cms	Version 4.2.1

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://github.com/intelliants/subrion/issues/762

Source: cve@mitre.org

Third Party Advisory

https://github.com/intelliants/subrion/issues/762

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.