Privilege Escalation via Insecure Variable Reset in Metadot Portal Server

Privilege Escalation via Insecure Variable Reset in Metadot Portal Server

CVE-2005-4458 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly reset the $IS_OWNER, $IS_ADMIN, and $IS_MANAGER global variables when performing checks for special privileges, which allows users to gain administrator privileges by adding themselves to the SITE_MGR group.

Learn more about our Cis Benchmark Audit For Server Software.