Vulnerabilities > CVE-2005-4458 - Privilege Escalation vulnerability in MetaDot Portal Server Site_Mgr Group

CVSS 9.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

metadot

critical

NVD

Published: 2005-12-21

Updated: 2018-10-19

Summary

Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly reset the $IS_OWNER, $IS_ADMIN, and $IS_MANAGER global variables when performing checks for special privileges, which allows users to gain administrator privileges by adding themselves to the SITE_MGR group.

Vulnerable Configurations

Part	Description	Count
Application	Metadot Metadot Metadot Portal Server 5.5.2.1 Metadot Metadot Portal Server 5.6.4 Metadot Metadot Portal Server 5.6.4.1 Metadot Metadot Portal Server 5.6.4.2 Metadot Metadot Portal Server 5.6.4.3 Metadot Metadot Portal Server 5.6.5 Metadot Metadot Portal Server 5.6.5.1 Metadot Metadot Portal Server 5.6.5.2 Metadot Metadot Portal Server 5.6.5.3 Metadot Metadot Portal Server 5.6.5.3.1 Metadot Metadot Portal Server 5.6.5.4B5 Metadot Metadot Portal Server 5.6.6 Metadot Metadot Portal Server 6.4 Metadot Metadot Portal Server 6.4.1 Metadot Metadot Portal Server 6.4.2 Metadot Metadot Portal Server 6.4.3 Metadot Metadot Portal Server 6.4.4	17

Summary

Vulnerable Configurations

References