Sharetronix <= 3.1.1 (AJAX Services) Authentication Bypass Vulnerability

http://sharetronix.com

• Affected Versions:

Confirmed in version 3.1.1; other versions may also be affected.

• Vulnerability Description:

The application does not properly restrict access to certain AJAX service functions: the requested function is executed without first verifying that the caller holds an authenticated session. This can be exploited to bypass the authentication mechanism and invoke those functions without valid credentials.
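To make the bug class concrete, the following is an added illustration written for this page; it is a generic model, not Sharetronix code, and the action names ("public_timeline", "post_status", "delete_post") and the session layout are hypothetical. The vulnerable dispatcher leaves each handler to perform its own login check, so one handler that omits the check is reachable anonymously; the hardened dispatcher denies by default and keeps anonymous access to an explicit allow-list. The helper at the end is the kind of check a tester runs: call every action with no session and flag those that succeed although they are not meant to be public.

```python
"""Model of an AJAX dispatcher with a missing access check (added example).

Assumptions (hypothetical, not from the advisory): three actions named
"public_timeline", "post_status" and "delete_post"; a session is a dict that
carries "user_id" once the user is logged in, or None for anonymous callers.
"""
from typing import Callable, Dict, List, Optional, Tuple

Session = Optional[Dict[str, str]]
Response = Tuple[int, str]          # (HTTP status, body)


def is_authenticated(session: Session) -> bool:
    """True only for a session that carries a logged-in user id."""
    return bool(session) and "user_id" in session


# ---------------------------------------------------------------------------
# Handlers. Each one is expected to check login itself (vulnerable design).
# ---------------------------------------------------------------------------
def _public_timeline(session: Session) -> Response:
    return 200, "timeline"


def _post_status(session: Session) -> Response:
    if not is_authenticated(session):
        return 401, "login required"
    return 200, f"posted as {session['user_id']}"


def _delete_post(session: Session) -> Response:
    # No authentication check here: this is the bug being modelled.
    return 200, "post deleted"


ACTIONS: Dict[str, Callable[[Session], Response]] = {
    "public_timeline": _public_timeline,
    "post_status": _post_status,
    "delete_post": _delete_post,
}

# Actions that are intended to work without a session (hypothetical).
ANONYMOUS_ALLOWED = frozenset({"public_timeline"})


def dispatch_vulnerable(action: str, session: Session) -> Response:
    """Vulnerable pattern: trust every handler to gate itself."""
    handler = ACTIONS.get(action)
    if handler is None:
        return 404, "unknown action"
    return handler(session)


def dispatch_hardened(action: str, session: Session) -> Response:
    """Hardened pattern: central deny-by-default gate before any handler runs.

    The gate is evaluated before the action lookup so that anonymous callers
    cannot enumerate which non-public actions exist.
    """
    if action not in ANONYMOUS_ALLOWED and not is_authenticated(session):
        return 401, "login required"
    handler = ACTIONS.get(action)
    if handler is None:
        return 404, "unknown action"
    return handler(session)


def find_unauthenticated_actions(dispatch: Callable[[str, Session], Response],
                                 actions: Dict[str, Callable[[Session], Response]],
                                 public: frozenset) -> List[str]:
    """Call every action with no session; return those that succeed but are
    not on the public allow-list, i.e. the ones missing an access check."""
    leaks = []
    for action in sorted(actions):
        status, _ = dispatch(action, None)
        if status == 200 and action not in public:
            leaks.append(action)
    return leaks


if __name__ == "__main__":
    print("vulnerable:", find_unauthenticated_actions(dispatch_vulnerable, ACTIONS, ANONYMOUS_ALLOWED))
    print("hardened:  ", find_unauthenticated_actions(dispatch_hardened, ACTIONS, ANONYMOUS_ALLOWED))
```

Against a live target the same differential test is run over HTTP: issue each AJAX request once without any session cookie and once with a valid one, and treat any request that returns the same successful result in both cases, but is not documented as public, as a missing access check.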

• Solution:

No official solution is currently available. Until the vendor releases a fix, restrict network access to the application to trusted users.

• Disclosure Timeline:

[06/11/2013] – Vendor notified

[06/11/2013] – Vendor response stating “Please immediately cease and desist all such communications”

[05/12/2013] – Public disclosure

• CVE Reference:

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-5356 to this vulnerability.

• Credits:

Vulnerability discovered by Egidio Romano, Secunia Research.

• Original Advisory:

http://secunia.com/secunia_research/2013-12