Scrap

Name of the Vulnerable Software and Affected Versions: Digi-news version 1.1 Description: The issue allows remote attackers to bypass authentication. This is achieved by setting the `username` variable in a cookie to the name of the administrator. The `admin.php` file contains an improper condition that does not require a correct password, thus allowing unauthorized access. Recommendations: For Digi-news version 1.1, consider temporarily disabling the `admin.php` file until a patch is available to prevent exploitation. Restrict access to the `admin.php` file to minimize the risk of unauthorized access. Avoid using the `username` variable in the cookie to authenticate users until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Digi-ads version 1.1 Description: The issue allows remote attackers to bypass authentication by setting a cookie with the `username` set to the name of the administrator. This satisfies an improper condition in the 'admin.php' endpoint that does not require a correct `password`. Recommendations: For Digi-ads version 1.1, as a temporary workaround, consider restricting access to the 'admin.php' endpoint until a patch is available. Avoid using the `username` variable in the 'admin.php' endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.