Back to search
CVE-2011-3645
Published: Sep 27, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
Newgen OmniDocs allows remote attackers to bypass intended access restrictions via (1) a modified FolderRights parameter to doccab/doclist.jsp, which leads to arbitrary permission changes; or (2) a modified UserIndex parameter to doccab/userprofile/editprofile.jsp, which selects the settings page of an arbitrary user.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
8394
third-party-advisory
x_refsource_SREASON
20110926 [CVE-2011-3645] Multiple vulnerability in "Omnidocs"
mailing-list
x_refsource_FULLDISC
17897
exploit
x_refsource_EXPLOIT-DB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now