CVE-2012-2315

OpenKM <5.1.8-2 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-2315.

AI-analyzed exploit summary This exploit demonstrates a CSRF-based OS command execution vulnerability in OpenKM Document Management System 5.1.7. It leverages the lack of anti-CSRF tokens in the administrative interface to execute arbitrary commands via the scripting.jsp endpoint.

Description

admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges to arbitrary users via the userEdit action.

Exploits (1)

exploitdb WORKING POC

webappsjsp

https://www.exploit-db.com/exploits/18888

View Code ZIP pw:eip

This exploit demonstrates a CSRF-based OS command execution vulnerability in OpenKM Document Management System 5.1.7. It leverages the lack of anti-CSRF tokens in the administrative interface to execute arbitrary commands via the scripting.jsp endpoint.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: OpenKM Document Management System 5.1.7

Auth required

Prerequisites: Administrator access to OpenKM · Victim must be lured to a malicious page or URL

MITRE ATT&CK