CVE-2003-0589

Name of the Vulnerable Software and Affected Versions: Digi-ads version 1.1

Description: The issue allows remote attackers to bypass authentication by setting a cookie with the username set to the name of the administrator. This satisfies an improper condition in the 'admin.php' endpoint that does not require a correct password.

Recommendations: For Digi-ads version 1.1, as a temporary workaround, consider restricting access to the 'admin.php' endpoint until a patch is available. Avoid using the username variable in the 'admin.php' endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.