
Ecartis User Password Reset Privilege Escalation

Medium

Synopsis

The remote host is running the Ecartis Mailing List Manager web interface (lsg2.cgi).

Description

The remote host is running the Ecartis Mailing List Manager web interface (lsg2.cgi). Versions older than 1.0.0 snapshot 20030227 contain a vulnerability that allows an attacker to spoof a username while changing passwords, thus potentially gaining control of the mailing list.

Solution

Upgrade to version 1.0.0 snapshot 20030227 or higher.