Description
Ektron is a privately held software company based in Nashua, New Hampshire. It provides web content management and customer experience management software. Ektron's primary product is Ektron Web Content Management, which is built on the Microsoft .NET Framework.
By directly accessing the page located at /WorkArea/edituserprofile.aspx, an attacker can hijack the admin or builtin account and compromise the system.
Remediation
Upgrade to the latest version of Ektron CMS.
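To see whether the page named in the description has been requested on a given server, the IIS access logs can be triaged per client. The following is an added example, not part of the original advisory or of Ektron's code; it assumes IIS W3C extended logs with a `#Fields:` header, the sample lines are constructed, and treating an empty Referer as "direct access" is a triage heuristic only.

```python
from collections import defaultdict

TARGET = "/workarea/edituserprofile.aspx"  # path named in the advisory

# Constructed sample in IIS W3C extended format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.5
#Fields: date time cs-method cs-uri-stem c-ip cs(Referer) sc-status
2024-01-10 09:00:01 GET /default.aspx 198.51.100.7 - 200
2024-01-10 09:00:05 GET /WorkArea/edituserprofile.aspx 203.0.113.9 - 200
2024-01-10 09:00:09 POST /workarea/EditUserProfile.aspx 203.0.113.9 - 302
2024-01-10 09:02:00 GET /WorkArea/edituserprofile.aspx 192.0.2.44 https://cms.example/WorkArea/workarea.aspx 200
2024-01-10 09:03:00 GET /WorkArea/login.aspx 192.0.2.44 - 200
"""

def find_hits(log_text):
    """Return {client_ip: [request, ...]} for requests to the target page."""
    fields, hits = [], defaultdict(list)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue                    # truncated or malformed row
        row = dict(zip(fields, parts))
        # IIS serves paths case-insensitively, so compare lower-cased.
        stem = row.get("cs-uri-stem", "").lower()
        if stem != TARGET and not stem.startswith(TARGET + "/"):
            continue
        hits[row.get("c-ip", "?")].append({
            "when": f'{row.get("date", "?")} {row.get("time", "?")}',
            "method": row.get("cs-method", "?"),
            "status": row.get("sc-status", "?"),
            # Heuristic (assumption): no Referer suggests the page was
            # opened directly rather than from inside the WorkArea UI.
            "direct": row.get("cs(Referer)", "-") == "-",
        })
    return dict(hits)

if __name__ == "__main__":
    for ip, reqs in find_hits(SAMPLE_LOG).items():
        for r in reqs:
            tag = "direct" if r["direct"] else "referred"
            print(ip, r["when"], r["method"], r["status"], tag)
```

A Referer header is client-controlled, so a "referred" request is not proof of legitimate use; correlate flagged clients with profile or password changes on the admin and builtin accounts.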