Vignette Content Management 6 Security Bypass

`<!--  
# Exploit Title: Security Bypass Vulnerability in Vignette Content  
Management version 6  
# Date: 05-11-2018  
# Exploit Author: Rafael Pedrero  
# Vendor Homepage: http://www.vignette.com/  
# Software Link: http://www.vignette.com/  
# Version: Vignette Content Management version 6  
# Tested on: all  
# CVE : CVE-2018-18941  
# Category: webapps  
  
1. Description  
  
In Vignette Content Management version 6, it's possible to gain  
administrator privileges by discovering the admin password in the  
vgn/ccb/user/mgmt/user/edit/0,1628,0,00.html?uid=admin HTML source code,  
and then creating a privileged user account.  
  
  
2. Proof of Concept  
  
http://X.X.X.X/vgn/ccb/user/mgmt/user/edit/0,1628,0,00.html?uid=admin.  
  
Once you authenticate you change the user by the administrator (uid =  
admin) and you will see the asterisks in the password field that you can  
use to authenticate later and create administrator users or modify any  
feature of the CMS. I discovered this vulnerability in 2005.  
  
  
3. Solution:  
  
The product is discontinued. Update to last version this product. See more  
in http://www.vignette.com (  
https://en.wikipedia.org/wiki/Vignette_Corporation)  
>  
  
`