CVE-2012-1828 Information

Description

The administrative functions in AutoFORM PDM Archive before 7.1 do not have authorization requirements which allows remote authenticated users to perform administrative actions by leveraging knowledge of a hidden function as demonstrated by the password-change function.

Reference

http://secunia.com/advisories/49335 http://www.kb.cert.org/vuls/id/773035 http://www.kb.cert.org/vuls/id/MAPG-8RQL83 http://www.securityfocus.com/bid/53716