PT-2007-2865 · Orion · Orion-Blog

Published: 2007-03-16 · Updated: 2018-10-16 · CVE-2007-1471

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Orion-Blog version 2.0

Description: A flaw in admin/default.asp allows remote attackers to bypass authentication controls and gain privileges via a direct URL request for "admin/AdminBlogNewsEdit.asp".

Recommendations: For Orion-Blog version 2.0, restrict access to the admin/default.asp file and the admin/AdminBlogNewsEdit.asp page to minimize the risk of exploitation. Consider implementing proper authentication controls to prevent unauthorized access.


Related identifiers: CVE-2007-1471

Affected products: Orion-Blog