PT-2004-1415 · Unknown · Openjournal

Tri Huynh · Published 2004-09-01 · Updated 2018-05-03 · CVE-2004-0261

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: OpenJournal versions 2.0 through 2.0.5
Description: The issue allows remote attackers to bypass authentication and access the control panel. This is achieved by setting the uid parameter to 0 in a request to the oj.cgi endpoint.
Recommendations: For OpenJournal versions 2.0 through 2.0.5, as a temporary workaround, consider restricting access to the oj.cgi endpoint until a patch is available. Avoid using the uid parameter with a value of 0 in the affected endpoint.
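
While access to oj.cgi is being restricted, existing web server logs can be reviewed for requests that match the description. The following is an added example, not code from this advisory or from OpenJournal; it assumes combined-format access logs and that uid arrives in the query string (a uid sent in a POST body would not appear in such logs), and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed log layout: Apache/NGINX combined format; only the client IP and
# the quoted request line are needed.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*"'
)

def is_zero_uid(value):
    # Conservative choice: treat any non-empty run of zeros ("0", "00") as 0.
    v = value.strip()
    return v != "" and v.strip("0") == ""

def flag_uid_zero(lines):
    """Return (ip, target) for each request to oj.cgi whose uid decodes to 0."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        url = urlsplit(m.group("target"))
        # Match the script by file name, wherever it is installed.
        if url.path.rsplit("/", 1)[-1].lower() != "oj.cgi":
            continue
        # parse_qs percent-decodes values, so an encoded zero is normalised too.
        params = parse_qs(url.query, keep_blank_values=True)
        if any(is_zero_uid(v) for v in params.get("uid", [])):
            hits.append((m.group("ip"), m.group("target")))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [01/Sep/2004:10:00:00 +0000] "GET /cgi-bin/oj.cgi?uid=0 HTTP/1.0" 200 512 "-" "-"',
    '192.0.2.11 - - [01/Sep/2004:10:00:05 +0000] "GET /cgi-bin/oj.cgi?uid=1042 HTTP/1.0" 200 512 "-" "-"',
    '198.51.100.7 - - [01/Sep/2004:10:01:00 +0000] "GET /cgi-bin/oj.cgi?x=1&uid=%30 HTTP/1.0" 200 512 "-" "-"',
    '192.0.2.12 - - [01/Sep/2004:10:02:00 +0000] "GET /index.html?uid=0 HTTP/1.0" 200 90 "-" "-"',
]

if __name__ == "__main__":
    for ip, target in flag_uid_zero(SAMPLE):
        print(ip, target)
```

A hit only shows that such a request was made; whether the control panel was actually reached has to be confirmed from the response and any application-side records.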


Related Identifiers

CVE-2004-0261

Affected Products

Openjournal