Description
Newgen OmniDocs allows remote attackers to bypass intended access restrictions via (1) a modified FolderRights parameter to doccab/doclist.jsp, which leads to arbitrary permission changes; or (2) a modified UserIndex parameter to doccab/userprofile/editprofile.jsp, which selects the settings page of an arbitrary user.
Exploits (1)
References (3)
Core 3
Core References
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/8394
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2011/Sep/283
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/17897
Scores
EPSS
0.0108
EPSS Percentile
78.1%
Details
CWE
CWE-264
Status
published
Products (1)
newgensoft/omnidocs
Published
Sep 27, 2011
Tracked Since
Feb 18, 2026