Description
Episerver CMS is an ASP.NET web content management system and digital marketing suite.
Ektron CMS 9.20 SP2 and earlier allows remote attackers to access administrative pages such as /WorkArea/activateuser.aspx without authentication by forging the Referer HTTP header. The Referer header is fully client-controlled, so a check based on it does not establish that the caller holds an authenticated session.
Remediation
Upgrade to the latest version of Ektron CMS. This vulnerability was patched with EKTR-508 (Security enhancement for re-enabling a user).
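As an added detection example (not Ektron or Episerver code, and not part of the original advisory), the following script triages IIS W3C access logs for the bypass described above: successful responses from pages under /WorkArea/ that were served to a client with no authenticated username. The log excerpt is constructed, the field list and the assumption that authenticated users appear in cs-username are labelled in the code; on a site using forms authentication cs-username stays "-" for everyone, so the same check would need to be run against the application's own audit log instead.

```python
from __future__ import annotations

from dataclasses import dataclass
from typing import Iterator

# Constructed sample IIS W3C log excerpt (not real traffic). The field order
# follows the #Fields line. Assumption: the site uses an IIS-visible auth
# scheme, so authenticated users show up in cs-username and anonymous
# requests log '-' there.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.5
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query cs-username c-ip cs(Referer) sc-status
2019-03-04 10:15:01 10.0.0.5 GET /WorkArea/activateuser.aspx id=7 admin 192.0.2.10 https://cms.example/WorkArea/login.aspx 200
2019-03-04 10:15:09 10.0.0.5 GET /WorkArea/activateuser.aspx id=7 - 198.51.100.23 https://cms.example/WorkArea/login.aspx 200
2019-03-04 10:15:12 10.0.0.5 GET /WorkArea/activateuser.aspx id=7 - 198.51.100.23 - 302
2019-03-04 10:15:20 10.0.0.5 GET /index.aspx - - 203.0.113.9 - 200
"""

# Ektron's administrative UI lives under /WorkArea/ (path taken from the advisory).
ADMIN_PREFIX = "/workarea/"


@dataclass(frozen=True)
class Finding:
    time: str
    client_ip: str
    uri: str
    referer: str
    reason: str


def parse_w3c(text: str) -> Iterator[dict]:
    """Yield one dict per data line, keyed by the names in the #Fields line."""
    fields: list[str] | None = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or not line.strip():
            continue  # other directives and blank lines
        if fields is None:
            raise ValueError("data line encountered before #Fields header")
        values = line.split()
        if len(values) != len(fields):
            continue  # skip malformed or truncated lines rather than guess
        yield dict(zip(fields, values))


def find_unauth_admin_access(text: str) -> list[Finding]:
    """Flag 2xx responses for /WorkArea/ pages served to anonymous clients.

    A 3xx (redirect to the login page) is the expected outcome for an
    unauthenticated hit and is therefore not reported.
    """
    findings: list[Finding] = []
    for rec in parse_w3c(text):
        uri = rec["cs-uri-stem"]
        if not uri.lower().startswith(ADMIN_PREFIX):
            continue
        if not rec["sc-status"].startswith("2"):
            continue
        if rec["cs-username"] != "-":
            continue  # an authenticated user; normal admin activity
        referer = rec.get("cs(Referer)", "-")
        reason = "admin page served to anonymous client"
        if referer != "-":
            # A Referer pointing back into the admin UI is exactly what the
            # bypass relies on; call it out for the analyst.
            reason += "; Referer present"
        findings.append(Finding(rec["time"], rec["c-ip"], uri, referer, reason))
    return findings


if __name__ == "__main__":
    for f in find_unauth_admin_access(SAMPLE_LOG):
        print(f"{f.time} {f.client_ip} {f.uri} referer={f.referer}: {f.reason}")
```

Run against the embedded sample it reports the single anonymous 200 on activateuser.aspx and ignores the authenticated hit, the login redirect and the public page. Feed real logs in by reading the file into `find_unauth_admin_access`; the parser keys on the #Fields line, so extra or reordered columns are handled as long as the named fields are logged.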
References