CVE-2010-4215 Information

Description

UI/Manage.pm in Foswiki 1.1.0 and 1.1.1 allows remote authenticated users to gain privileges by modifying the GROUP and ALLOWTOPICCHANGE preferences in the topic preferences for Main.AdminGroup.

Reference

http://foswiki.org/Support/SecurityAlertCVE20104215 http://secunia.com/advisories/42275 http://sourceforge.net/mailarchive/message.php?msg_name=4CD9F6F5.403020440lavrsen.dk http://www.securityfocus.com/bid/44858 https://exchange.xforce.ibmcloud.com/vulnerabilities/63253