Skip to main content

CVE-2005-4458

Severity High
Score 9/10

Summary

Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly reset the $IS_OWNER, $IS_ADMIN, and $IS_MANAGER global variables when performing checks for special privileges, which allows users to gain administrator privileges by adding themselves to the SITE_MGR group.

  • LOW
  • NETWORK
  • SINGLE
  • COMPLETE
  • COMPLETE
  • COMPLETE

References

Advisory Timeline

  • Published