CVE-2018-12596

CRITICAL

Episerver Ektron CMS < 9.0 SP3 CU 31 / 9.1 < SP3 CU 45 / 9.2 < SP2 CU 22 - Unauthenticated Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2018-12596. PoCs published by alt3kx.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass in Ektron CMS 9.20 SP2 by manipulating the Referer header to access the restricted /WorkArea/activateuser.aspx page, allowing remote attackers to enable users.

Description

Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the "activateuser.aspx" page, even if a page is located under the /WorkArea/ path, which is forbidden (normally available exclusively for local admins).

Exploits (2)

exploitdb WORKING POC
by alt3kx · textwebappsaspx
https://www.exploit-db.com/exploits/45577

This exploit demonstrates an authentication bypass in Ektron CMS 9.20 SP2 by manipulating the Referer header to access the restricted /WorkArea/activateuser.aspx page, allowing remote attackers to enable users.

Classification
Working Poc 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Ektron CMS 9.20 SP2
No auth needed
Prerequisites: curl or BurpSuite · network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WRITEUP
by alt3kx · poc
https://github.com/alt3kx/CVE-2018-12596

This repository contains a writeup for CVE-2018-12596, an improper access restriction vulnerability in Ektron CMS 9.20 SP2. The vulnerability allows remote attackers to access restricted aspx pages under the /WorkArea/ path, bypassing local admin restrictions.

Classification
Writeup 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Ektron CMS 9.20 SP2
No auth needed
Prerequisites: Network access to the Ektron CMS instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Mitigation, Patch, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45577/
Exploit, Mailing List, Mitigation, Patch, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Oct/15
Exploit, Patch, Third Party Advisory x_refsource_misc
https://github.com/alt3kx/CVE-2018-12596

Scores

CVSS v3 9.8
EPSS 0.2238
EPSS Percentile 97.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-269
Status published
Products (3)
episerver/ektron_cms 9.00 (3 CPE variants)
episerver/ektron_cms 9.10 (3 CPE variants)
episerver/ektron_cms 9.20 (2 CPE variants)
Published Oct 10, 2018
Tracked Since Feb 18, 2026