user_profile.asp in PortalApp 2.2 allows local users to gain privileges by modifying the user_id variable.Referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/10558http://securitytracker.com/id?1005541http://secunia.com/advisories/10465
