Description
The user-information management functionality in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote authenticated users to bypass intended access restrictions and modify administrative credentials via unspecified vectors, a different vulnerability than CVE-2015-2953 and CVE-2015-2958.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/75184
Vendor Advisory third-party-advisory
x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000077
Third Party Advisory x_refsource_confirm
http://jvn.jp/en/jp/JVN19732015/995646/index.html
Vendor Advisory third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN19732015/index.html
Scores
EPSS
0.0120
EPSS Percentile
64.4%
Details
CWE
CWE-284
Status
published
Products (3)
igreks/milkystep_light
< 0.94
igreks/milkystep_professional
< 1.82
igreks/milkystep_professional_oem
< 1.82
Published
Jun 13, 2015
Tracked Since
Feb 18, 2026