Description
Ektron is a privately held software company based in Nashua, New Hampshire. It provides web
content management and customer experience management software. Ektron's primary
product is Ektron Web Content Management, which is built on the Microsoft .NET Framework.
By directly accessing the page located at /WorkArea/edituserprofile.aspx, an attacker can hijack the admin or builtin account and compromise the system.
Remediation
Upgrade to the latest version of Ektron CMS.
References
Related Vulnerabilities
WordPress Plugin CMS Tree Page View Security Bypass (1.3.4)
WordPress Plugin Revive Old Post-Auto Post to Social Media Security Bypass (6.9.3)
WordPress Plugin YITH WooCommerce Multi Vendor Security Bypass (3.4.0)
WordPress Plugin MapPress Maps for WordPress Security Bypass (2.54.5)
WordPress Plugin WP Ultimate Email Marketer Multiple Vulnerabilities (1.1.0)