PT-2009-4290 · Mycolex · Mycolex
Yenh4Cker
·
Publicado
2009-05-29
·
Atualizado
2017-09-29
·
CVE-2009-1825
CVSS v2.0
4.0
Média
| Vetor | AV:N/AC:L/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
myColex version 1.4.2
Description:
The issue allows remote authenticated users to list user accounts without requiring administrative authentication. This is possible via a Find action in the modules/admuser.php file.
Recommendations:
For myColex version 1.4.2, consider restricting access to the modules/admuser.php file until a patch is available, or implement proper administrative authentication to prevent unauthorized access.
Exploit
Correção
Improper Authentication
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Mycolex