
Ecartis User Password Reset Privilege Escalation

Medium

Synopsis

The remote host is running the Ecartis Mailing List Manager web interface (lsg2.cgi).

Description

The remote host is running the Ecartis Mailing List Manager web interface (lsg2.cgi). Versions older than 1.0.0 snapshot 20030227 contain a vulnerability that allows an attacker to spoof a username while changing passwords, thus potentially gaining control of the mailing list.

Solution

Upgrade to version 1.0.0 snapshot 20030227 or higher.