PT-2004-1415 · Unknown · Openjournal
Tri Huynh
Published: 2004-09-01 · Updated: 2018-05-03
CVE-2004-0261
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
OpenJournal versions 2.0 through 2.0.5
Description
The issue allows remote attackers to bypass authentication and access the control panel. This is achieved by setting the uid parameter to 0 in a request to the oj.cgi endpoint.
Recommendations
For OpenJournal versions 2.0 through 2.0.5, as a temporary workaround, consider restricting access to the oj.cgi endpoint until a patch is available. Avoid using the uid parameter with a value of 0 in the affected endpoint.
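To check whether the endpoint has already been requested with the parameter value described above, the following added example (not part of the original advisory or of OpenJournal) scans web server access logs for requests to oj.cgi whose uid query parameter is 0. It assumes Common/Combined Log Format; the function names and the sample log lines are constructed for illustration, and values sent in a POST body do not appear in access logs.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Leading fields of a Common/Combined Log Format entry (assumed log format).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def is_zero(value):
    """True when a uid value is numerically zero ("0", "00", " 0").

    Treating every zero-valued spelling as a match is a conservative assumption.
    """
    try:
        return int(value.strip()) == 0
    except ValueError:
        return False

def suspicious_requests(lines):
    """Return (ip, timestamp, status, target) for oj.cgi requests with uid=0."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable access-log entry
        url = urlsplit(m["target"])
        if url.path.rsplit("/", 1)[-1].lower() != "oj.cgi":
            continue
        # parse_qs percent-decodes values, so uid=%30 is caught as well.
        params = parse_qs(url.query, keep_blank_values=True)
        if any(is_zero(v) for k, vs in params.items()
               if k.lower() == "uid" for v in vs):
            hits.append((m["ip"], m["ts"], int(m["status"]), m["target"]))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Sep/2004:10:00:00 +0000] "GET /cgi-bin/oj.cgi?uid=0 HTTP/1.0" 200 5120',
    '198.51.100.7 - - [01/Sep/2004:10:01:12 +0000] "GET /cgi-bin/oj.cgi?uid=%30 HTTP/1.0" 200 5120',
    '203.0.113.5 - - [01/Sep/2004:10:02:30 +0000] "GET /cgi-bin/oj.cgi?uid=1042 HTTP/1.0" 200 2048',
    '203.0.113.5 - - [01/Sep/2004:10:03:00 +0000] "GET /index.html?uid=0 HTTP/1.0" 200 812',
    '203.0.113.9 - - [01/Sep/2004:10:04:44 +0000] "POST /cgi-bin/oj.cgi HTTP/1.0" 200 2048',
]

if __name__ == "__main__":
    for ip, ts, status, target in suspicious_requests(SAMPLE_LOG):
        print(f"{ts} {ip} -> {target} (HTTP {status})")
```

A hit with a 200 status is worth following up in the application's own records; the same match can back an allow-list or block rule in front of the endpoint while it remains deployed.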
Related identifiers
Affected products
Openjournal