Description
templates.admin.users.user_form_processing in Blue Coat Reporter before 7.1.2 allows authenticated users to gain administrator privileges via an HTTP POST that sets volatile.user.administrator to true.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Oliver Karow · textremotewindows
https://www.exploit-db.com/exploits/25697
References (6)
Core 6
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/15452
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111695726810435&w=2
Patch x_refsource_confirm
http://www.bluecoat.com/support/knowledge/advisory_reporter_711_vulnerabilities.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/16763
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/13723
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2005/0589
Scores
EPSS
0.0091
EPSS Percentile
76.0%
Details
Status
published
Products (1)
bluecoat/reporter
< 7.1.1
Published
May 24, 2005
Tracked Since
Feb 18, 2026