PT-2002-2456 · Newspro · Newspro

Published

2002-12-31

Updated

2017-07-11

CVE-2002-1734

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions NewsPro version 1.01

Description The issue allows remote attackers to gain unauthorized administrator access. This can be achieved by setting the authentication cookie to "logged,true".

Recommendations For NewsPro version 1.01, update the authentication mechanism to properly validate and secure cookies, preventing unauthorized access by setting the authentication cookie to "logged,true".

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-1734

Affected Products

Newspro

PT-2002-2456 · Newspro · Newspro

CVE-2002-1734

Related Identifiers

Affected Products

References · 4