PT-2002-1542 · Alguest · Alguest

Published 2002-06-11 · Updated 2008-09-05 · CVE-2002-0491

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

AlGuest version 1.0

Description

The issue allows remote attackers to bypass authentication and gain privileges by setting the admin cookie to an arbitrary value. The cause is that the admin.php file in AlGuest authenticates the administrator by checking for the existence of the admin cookie.

Recommendations

For AlGuest version 1.0, consider disabling the admin.php file or restricting access to it until a proper authentication mechanism is implemented that prevents arbitrary admin cookie values from being accepted.
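
The difference between the presence check described above and a cookie that the server can verify, as an added illustration that is not AlGuest's code. The function names, the token format and the key handling are assumptions made for the example.

```php
<?php
// Added illustration; not AlGuest source. Names and token format are assumptions.

// Pattern described in the advisory: any request carrying an "admin"
// cookie is treated as the administrator, whatever the cookie's value.
function is_admin_presence_only(array $cookies): bool
{
    return isset($cookies['admin']);
}

// Issued only after a successful password check (not shown).
// Format: "<expiry>.<nonce>.<HMAC-SHA256 over expiry.nonce>".
function issue_admin_token(string $key, int $ttl = 900, ?int $now = null): string
{
    $expiry  = ($now ?? time()) + $ttl;
    $payload = $expiry . '.' . bin2hex(random_bytes(16));
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Accept the cookie only if the MAC verifies and the token has not expired.
function is_admin_verified(array $cookies, string $key, ?int $now = null): bool
{
    $token = $cookies['admin'] ?? '';
    if (!is_string($token)) {
        return false; // a cookie named admin[] arrives as an array
    }
    $parts = explode('.', $token);
    if (count($parts) !== 3 || !ctype_digit($parts[0])) {
        return false;
    }
    [$expiry, $nonce, $mac] = $parts;
    $expected = hash_hmac('sha256', $expiry . '.' . $nonce, $key);
    // hash_equals() compares in constant time.
    return hash_equals($expected, $mac) && (int)$expiry >= ($now ?? time());
}

// Constructed sample input: one arbitrary cookie value, one server-issued token.
$key    = random_bytes(32); // server-side secret, never sent to the client
$forged = ['admin' => 'anything'];
$valid  = ['admin' => issue_admin_token($key)];

// Both checks on the arbitrary value, then the verified check on the
// server-issued token, now and one hour later (past its 15-minute lifetime).
var_dump(is_admin_presence_only($forged));
var_dump(is_admin_verified($forged, $key));
var_dump(is_admin_verified($valid, $key));
var_dump(is_admin_verified($valid, $key, time() + 3600));
```

In a deployment the key would be a fixed secret loaded from server-side configuration rather than generated per request, and the cookie would be set with the HttpOnly and Secure attributes.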


Related Identifiers

CVE-2002-0491

Affected Products

Alguest