Sharetronix <= 3.1.1 (AJAX Services) Authentication Bypass Vulnerability
• Software Link:
• Affected Versions:
Version 3.1.1 and probably other versions.
• Vulnerability Description:
The application does not properly restrict access to certain AJAX functionality. This can be exploited to bypass the authentication mechanism and access that functionality without valid credentials.
• Solution:
No official solution is currently available.
• Disclosure Timeline:
[06/11/2013] – Vendor notified
[06/11/2013] – Vendor response stating “Please immediately cease and desist all such communications”
[05/12/2013] – Public disclosure
• CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-5356 to this vulnerability.
• Credits:
Vulnerability discovered by Egidio Romano, Secunia Research.