Description
Episerver CMS is an ASP.NET web content management system and digital marketing suite.
Ektron CMS 9.20 SP2 (and older versions) allows remote attackers to access administrative pages such as (/WorkArea/activateuser.aspx) without authentication by faking the Referer HTTP header.
Remediation
Upgrade to the latest version of Ektron CMS. This vulnerability was patched with EKTR-508 (Security enhancement for re-enabling a user).
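As an added illustration of the flaw class described above (not Ektron's or Episerver's code), the following hypothetical ASP.NET Web Forms pages show an administrative "activate user" action gated on the Referer header beside the same action gated on the server-side principal; the host name, role name, session key and `UserStore` are all assumed for the example.

```csharp
// Added illustration, not Ektron's or Episerver's code: hypothetical ASP.NET Web Forms
// pages that activate a user account, gated first on Referer (the flawed pattern), then
// on the server-side principal. Host name, role name and UserStore are assumptions.
using System;
using System.Collections.Generic;
using System.Web.UI;

// Hypothetical in-memory user store standing in for the CMS user database.
public static class UserStore
{
    private static readonly Dictionary<string, bool> Active = new Dictionary<string, bool>();
    public static void Activate(string userId) { Active[userId] = true; }
}

public abstract class AdminPageBase : Page
{
    // Reject the request with the given status and stop processing the page.
    protected void Deny(int status) { Response.StatusCode = status; Response.End(); }
}

// Weak: Referer is sent by the client and can hold any value, so matching it against
// the admin area proves neither that the caller is logged in nor that they are an admin.
public class ActivateUserWeakPage : AdminPageBase
{
    protected void Page_Load(object sender, EventArgs e)
    {
        string referer = Request.Headers["Referer"] ?? string.Empty;
        if (!referer.StartsWith("https://cms.example.com/WorkArea/", StringComparison.OrdinalIgnoreCase))
        { Deny(403); return; }
        UserStore.Activate(Request.QueryString["id"]);
    }
}

// Hardened: authorization comes from the authenticated principal (built server-side from
// the forms-auth ticket), the action only accepts POST, and the request must carry an
// anti-forgery token bound to the session, so no request header can substitute for a login.
public class ActivateUserHardenedPage : AdminPageBase
{
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!User.Identity.IsAuthenticated || !User.IsInRole("Administrators"))
        { Deny(User.Identity.IsAuthenticated ? 403 : 401); return; }
        string sessionToken = Session["csrf"] as string;
        if (Request.HttpMethod != "POST" || sessionToken == null || Request.Form["csrf"] != sessionToken)
        { Deny(400); return; }
        UserStore.Activate(Request.Form["id"]);
    }
}
```

As a second layer, the whole `/WorkArea` path can be closed to anonymous users in web.config with a `<location path="WorkArea">` element containing `<authorization><deny users="?" /></authorization>`, so a page that forgets its own check is still not reachable without a session.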