Ektron CMS Account Hijack

Description
  • Ektron is a privately held software company based in Nashua, New Hampshire. It provides web content management and customer experience management software. Ektron's primary product is Ektron Web Content Management, which is built on the Microsoft .NET Framework.

    By directly accessing the page located at /WorkArea/edituserprofile.aspx, an attacker can hijack the admin or builtin account and compromise the system.
Remediation
  • Upgrade to the latest version of Ektron CMS.
References
Severity
Classification
Tags