CVE-2003-0588

Name of the Vulnerable Software and Affected Versions: Digi-news version 1.1

Description: The issue allows remote attackers to bypass authentication. This is achieved by setting the username variable in a cookie to the name of the administrator. The admin.php file contains an improper condition that does not require a correct password, thus allowing unauthorized access.

Recommendations: For Digi-news version 1.1, consider temporarily disabling the admin.php file until a patch is available to prevent exploitation. Restrict access to the admin.php file to minimize the risk of unauthorized access. Avoid using the username variable in the cookie to authenticate users until the issue is resolved.