Vignette StoryServer 4 and 5, Vignette V/5, and possibly other versions allows remote attackers to perform unauthorized SELECT queries by setting the vgn_creds cookie to an arbitrary value and directly accessing the save template.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Content_suite | Vignette | 6.0 (including) | 6.0 (including) |
Content_suite | Vignette | 7.0 (including) | 7.0 (including) |
Storyserver | Vignette | 4.0 (including) | 4.0 (including) |
Storyserver | Vignette | 4.1 (including) | 4.1 (including) |
Storyserver | Vignette | 5.0 (including) | 5.0 (including) |
Vignette | Vignette | 5.0 (including) | 5.0 (including) |