CVE-2018-12596
CRITICAL
Episerver Ektron CMS - Improper Privilege Management
Title source: ruleDescription
Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the "activateuser.aspx" page, even when the target page is located under the /WorkArea/ path, which is normally forbidden to remote users (it is intended to be available exclusively to local admins).
Scores
CVSS v3
9.8
EPSS
0.4077
EPSS Percentile
97.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-269
Status
published
Products (3)
episerver/ektron_cms
9.00 (3 CPE variants)
episerver/ektron_cms
9.10 (3 CPE variants)
episerver/ektron_cms
9.20 (2 CPE variants)
Published
Oct 10, 2018
Tracked Since
Feb 18, 2026