Back to search
CVE-2018-12596
Published: Oct 10, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the "activateuser.aspx" page, even if a page is located under the /WorkArea/ path, which is forbidden (normally available exclusively for local admins).
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
45577
exploit
x_refsource_EXPLOIT-DB
20181008 Ektron Content Management System (CMS) 9.20 SP2, remote re-enabling users (CVE-2018-12596)
mailing-list
x_refsource_FULLDISC
https://github.com/alt3kx/CVE-2018-12596
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now