CVE-2011-3645

Newgen OmniDocs - Unauthenticated Permission Bypass via FolderRights or UserIndex Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-3645. PoCs published by Sohil Garg.

AI-analyzed exploit summary The document describes two vulnerabilities in OmniDocs: privilege escalation via the 'FolderRights' parameter and direct object access via the 'UserIndex' parameter. No executable exploit code is provided, only URLs and parameter manipulation details.

Description

Newgen OmniDocs allows remote attackers to bypass intended access restrictions via (1) a modified FolderRights parameter to doccab/doclist.jsp, which leads to arbitrary permission changes; or (2) a modified UserIndex parameter to doccab/userprofile/editprofile.jsp, which selects the settings page of an arbitrary user.

Exploits (1)

exploitdb WRITEUP
by Sohil Garg · textwebappsjsp
https://www.exploit-db.com/exploits/17897

The document describes two vulnerabilities in OmniDocs: privilege escalation via the 'FolderRights' parameter and direct object access via the 'UserIndex' parameter. No executable exploit code is provided, only URLs and parameter manipulation details.

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: OmniDocs (All versions)
Auth required
Prerequisites: Access to the target application · Valid session or authentication credentials
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8394
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2011/Sep/283
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/17897

Scores

EPSS 0.0269
EPSS Percentile 84.1%

Details

CWE
CWE-264
Status published
Products (1)
newgensoft/omnidocs
Published Sep 27, 2011
Tracked Since Feb 18, 2026