PT-2006-2292 · Himpfen Consulting Company · Php Simplenews
Aliaksandr Hartsuyeu
·
Publicado
2006-03-19
·
Atualizado
2017-07-20
·
CVE-2006-1276
CVSS v2.0
10
Alta
| Vetor | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Himpfen Consulting Company PHP SimpleNEWS version 1.0.0
Description
The issue allows remote attackers to bypass authentication. This is achieved by setting the
admin parameter in a cookie, which is associated with the admin.php file.Recommendations
For Himpfen Consulting Company PHP SimpleNEWS version 1.0.0, consider removing or restricting access to the admin.php file until a proper fix is available, and avoid using the
admin parameter in cookies to minimize the risk of exploitation.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Php Simplenews