PT-2006-1987 · Archangel · Archangel Weblog

Dj7Xpl · Published 2006-03-01 · Updated 2018-10-18 · CVE-2006-0944

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Archangel Weblog version 0.90.02

Description
The issue allows remote attackers to bypass authentication. This is achieved by setting the ba_admin cookie to 1, which enables unauthorized access.

Recommendations
For Archangel Weblog version 0.90.02, consider disabling the use of the ba_admin cookie until a patch is available to prevent unauthorized access. Restrict access to sensitive areas of the weblog to minimize the risk of exploitation.
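
The weakness described above is a server trusting an authorization flag that the client controls. The following is an added example, not Archangel Weblog's code, contrasting that pattern with a server-signed, expiring token. The cookie name admin_token, the key, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Constructed key for this example; a real deployment loads it from server-side secret storage.
SECRET_KEY = b"constructed-example-key"
MAX_AGE = 3600  # seconds an issued token stays valid


def is_admin_vulnerable(cookies):
    """Pattern the advisory describes: a client-supplied flag is trusted as-is."""
    return cookies.get("ba_admin") == "1"


def _sign(payload):
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_admin_token(user, now=None):
    """Call only after a successful credential check; returns the cookie value."""
    issued = int(time.time() if now is None else now)
    payload = f"{user}|{issued}"
    return f"{payload}|{_sign(payload)}"


def is_admin_hardened(cookies, now=None):
    """Grant admin only for a token this server signed and that has not expired."""
    parts = cookies.get("admin_token", "").split("|")
    if len(parts) != 3:
        return False  # missing or malformed token: fail closed
    user, issued, mac = parts
    expected = _sign(f"{user}|{issued}")
    # Constant-time comparison on bytes; a forged or edited token stops here.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False
    # The MAC verified, so 'issued' is the integer string this server wrote.
    age = (time.time() if now is None else now) - int(issued)
    return 0 <= age <= MAX_AGE
```

A server-side session store keyed by a random identifier achieves the same result; in both designs the bare ba_admin value carries no authority.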

Exploit

Fix


Related identifiers

CVE-2006-0944

Affected products

Archangel Weblog