• Software Link:
• Affected Versions:
Version 3.1.1 and probably other versions.
• Vulnerability Description:
The application does not properly restrict access to certain AJAX functionalities. This can be exploited to bypass the authentication mechanism and access such functionalities without valid credentials.
• Solution:
No official solution is currently available.
• Disclosure Timeline:
[06/11/2013] – Vendor notified
[06/11/2013] – Vendor response stating “Please immediately cease and desist all such communications”
[05/12/2013] – Public disclosure
• CVE Reference:
• Credits:
Vulnerability discovered by Egidio Romano, Secunia Research.
• Original Advisory: