CVE-2011-2674 Information

Description

BaserCMS before 1.6.12 does not properly restrict additions to the membership of the operators group which allows remote authenticated users to gain privileges via unspecified vectors.

Reference

http://basercms.net/patch/JVN09789751 http://jvn.jp/en/jp/JVN16617002/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2011-000066