Vulnerabilities > CVE-2005-4453 - Privilege Escalation vulnerability in Ultraapps Issue Manager 2.1

CVSS 9.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

ultraapps

critical

NVD

Published: 2005-12-21

Updated: 2018-10-19

Summary

UserProfile.cs in Ultraapps Issue Manager before 2.1 allows remote authenticated users to gain administrator privileges by modifying the original (1) p_User_user_id and (2) User_user_id parameters to UserProfile.aspx, then modifying the password field.

Vulnerable Configurations

Part	Description	Count
Application	Ultraapps Ultraapps Ultraapps Issue Manager 2.1	1

References

http://secunia.com/advisories/18174
http://www.irmplc.com/advisory013.htm
http://www.securityfocus.com/archive/1/419910/100/0/threaded
http://www.securityfocus.com/bid/15976
http://www.vupen.com/english/advisories/2005/3031