Permissions, Privileges, and Access Controls in ConvertPlus - #VU18869

 

Published: June 21, 2019 / Updated: June 24, 2019


Vulnerability identifier: #VU18869
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: ConvertPlug
Affected software:
ConvertPlus

Detailed vulnerability description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists because a user with the "none" role is created when a form is submitted via a curl request for variants.


Remediation

Install updates from the vendor's website.

Sources