PT-2007-3351 · Pl · Pl-Php
Omni
·
Publicado
2007-04-12
·
Atualizado
2018-10-16
·
CVE-2007-2007
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
pL-PHP beta version 0.9
Description
The issue allows remote attackers to bypass authentication. This is achieved by setting the
is admin parameter to 1 in the admin.php file.Recommendations
For pL-PHP beta version 0.9, restrict access to the admin.php file to prevent unauthorized access until a fix is available. As a temporary workaround, consider validating and sanitizing the
is admin parameter to prevent its manipulation.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Pl-Php