CVE-2011-3645
Newgen OmniDocs - Unauthenticated Permission Bypass via FolderRights or UserIndex Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2011-3645. PoCs published by Sohil Garg.
AI-analyzed exploit summary The document describes two vulnerabilities in OmniDocs: privilege escalation via the 'FolderRights' parameter and direct object access via the 'UserIndex' parameter. No executable exploit code is provided, only URLs and parameter manipulation details.
Description
Newgen OmniDocs allows remote attackers to bypass intended access restrictions via (1) a modified FolderRights parameter to doccab/doclist.jsp, which leads to arbitrary permission changes; or (2) a modified UserIndex parameter to doccab/userprofile/editprofile.jsp, which selects the settings page of an arbitrary user.
Exploits (1)
The document describes two vulnerabilities in OmniDocs: privilege escalation via the 'FolderRights' parameter and direct object access via the 'UserIndex' parameter. No executable exploit code is provided, only URLs and parameter manipulation details.