Description
Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp.
Exploits (1)
References (5)
Core References
Issue Tracking x_refsource_misc
https://igniterealtime.org/issues/browse/OF-941
Various Sources x_refsource_misc
http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-PRIV-ESCALATION.txt
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201612-50
Exploit x_refsource_misc
http://packetstormsecurity.com/files/133559/Openfire-3.10.2-Privilege-Escalation.html
Exploit exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/38190/
Scores
EPSS
0.0386
EPSS Percentile
88.3%
Details
CWE
CWE-264
Status
published
Products (1)
igniterealtime/openfire
3.10.2
Published
Oct 05, 2015
Tracked Since
Feb 18, 2026