Technical Advisory – ICTFAX 7-4 – Indirect Object Reference
Summary ICTFax is fax to email software maintained by ICTInnovations. In version 7-4 of this product, available through the CentOS software repository, an indirect object reference allows a user of any privilege level to change the password of any other user within the application – including administrators. Impact Successful exploitation of this vulnerability can allow […]