CVE-2018-14836

Subrion 4.2.1 is vulnerable to Improper Access control because user groups not having access to the Admin panel are able to access it (but not perform actions) if the Guests user group has access to the Admin panel.

Published: Aug 2, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-14836
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-269

Affected Software
References

Software	From	Fixed in
subrion / subrion_cms	4.2.1	4.2.1.x

https://github.com/intelliants/subrion/issues/762

Vulnerability Database

CVE-2018-14836