CVE-2007-1249 Information

Description

MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 does not check \the additional environment security configuration\ which allows remote attackers with write permissions to reorder components.

Reference

http://osvdb.org/33497 http://secunia.com/advisories/24364 http://www.contelligent.com/contell/cms/c1web/contelligent/site/contelligent/changelog.html?fromRelease=9.1.4 http://www.securityfocus.com/bid/22785 http://www.vupen.com/english/advisories/2007/0814 https://exchange.xforce.ibmcloud.com/vulnerabilities/32775