Unrated severityNVD Advisory· Published Dec 21, 2005· Updated Apr 16, 2026

CVE-2005-4458

Description

Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly reset the $IS_OWNER, $IS_ADMIN, and $IS_MANAGER global variables when performing checks for special privileges, which allows users to gain administrator privileges by adding themselves to the SITE_MGR group.

Affected products

Metadot/Metadot Portal Server17 versions
cpe:2.3:a:metadot:metadot_portal_server:5.5.2.1:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:metadot:metadot_portal_server:5.5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:metadot:metadot_portal_server:5.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:metadot:metadot_portal_server:5.6.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:metadot:metadot_portal_server:5.6.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:metadot:metadot_portal_server:5.6.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:metadot:metadot_portal_server:5.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:metadot:metadot_portal_server:5.6.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:metadot:metadot_portal_server:5.6.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:metadot:metadot_portal_server:5.6.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:metadot:metadot_portal_server:5.6.5.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:metadot:metadot_portal_server:5.6.5.4b5:*:*:*:*:*:*:*
- cpe:2.3:a:metadot:metadot_portal_server:5.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:metadot:metadot_portal_server:6.4:*:*:*:*:*:*:*
- cpe:2.3:a:metadot:metadot_portal_server:6.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:metadot:metadot_portal_server:6.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:metadot:metadot_portal_server:6.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:metadot:metadot_portal_server:6.4.4:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000