Описание
MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 does not check "the additional environment security configuration," which allows remote attackers with write permissions to reorder components.
MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 does not check "the additional environment security configuration," which allows remote attackers with write permissions to reorder components.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2007-1249
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32775
- http://osvdb.org/33497
- http://secunia.com/advisories/24364
- http://www.contelligent.com/contell/cms/c1web/contelligent/site/contelligent/changelog.html?fromRelease=9.1.4
- http://www.securityfocus.com/bid/22785
- http://www.vupen.com/english/advisories/2007/0814
Связанные уязвимости
nvd
почти 19 лет назад
MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 does not check "the additional environment security configuration," which allows remote attackers with write permissions to reorder components.