PT-2005-5522 · Gravity Interactive · Ragnarok Online Control Panel
Published 2005-12-31 · Updated 2008-09-05 · CVE-2005-4861
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
Ragnarok Online Control Panel (ROCP) version 4.3.4a
Description:
The issue allows remote attackers to bypass authentication. This is achieved by requesting account_manage.php with a trailing /login.php in the PHP_SELF value, which is not properly handled by the CHECK_AUTH function.
Recommendations:
For Ragnarok Online Control Panel (ROCP) version 4.3.4a, consider modifying the CHECK_AUTH function to properly handle the PHP_SELF value, specifically to prevent bypassing authentication when a trailing /login.php is requested. As a temporary workaround, restrict access to the account_manage.php endpoint to minimize the risk of exploitation.
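As an added illustration (not ROCP's own code; its CHECK_AUTH is not reproduced here), the PHP below reconstructs the class of weakness described: a login-page exemption keyed on PHP_SELF, which PHP builds as SCRIPT_NAME plus PATH_INFO, beside a check keyed on the script that actually executed. Function names, the allow-list and the request values are assumptions.

```php
<?php
// Added example, not ROCP code. Under Apache with path info enabled,
// a request for /account_manage.php/login.php executes account_manage.php
// with SCRIPT_NAME "/account_manage.php", PATH_INFO "/login.php" and
// PHP_SELF "/account_manage.php/login.php".

// Hypothetical reconstruction of the weak pattern: the running page is
// identified by searching for "login.php" anywhere in PHP_SELF, so any
// protected script can be made to look like the login page.
function check_auth_weak(array $server, array $session): bool
{
    if (strpos($server['PHP_SELF'], 'login.php') !== false) {
        return true; // treated as the public login page: no session needed
    }
    return !empty($session['account_id']);
}

// Hardened variant: identify the executing script via SCRIPT_NAME, which
// excludes PATH_INFO, and compare its basename exactly against an
// explicit allow-list of public pages (list contents are assumed).
function check_auth_fixed(array $server, array $session): bool
{
    $public = ['login.php', 'register.php'];
    $script = basename($server['SCRIPT_NAME']);
    if (in_array($script, $public, true)) {
        return true;
    }
    return !empty($session['account_id']);
}

// Constructed request: no logged-in session, protected script requested
// with "/login.php" appended as path info.
$server = [
    'SCRIPT_NAME' => '/account_manage.php',
    'PATH_INFO'   => '/login.php',
    'PHP_SELF'    => '/account_manage.php/login.php',
];
$session = [];

// The weak check lets the request through; the fixed check requires a session.
var_dump(check_auth_weak($server, $session));
var_dump(check_auth_fixed($server, $session));
```

The same fix applies to any gate that derives "which page am I on" from PHP_SELF or REQUEST_URI: decide on SCRIPT_NAME (or SCRIPT_FILENAME) and use exact matching, never substring search.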
Weakness Enumeration:
Improper Authentication
Affected Products:
Ragnarok Online Control Panel