PT-2006-4632 · Php · Php-Post

Farhad Koosha

Published

2006-07-21

Updated

2018-10-17

CVE-2006-3772

CVSS v2.0

5.1

Medium

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PHP-Post versions 0.21 and 1.0, and possibly earlier versions

Description The issue allows remote attackers to bypass security restrictions and obtain administrative privileges by modifying the logincookie[user] setting in the login cookie when auto-login is enabled.

Recommendations For PHP-Post versions 0.21 and 1.0, and possibly earlier versions, consider disabling the auto-login feature to prevent exploitation until a fix is available. As a temporary workaround, restrict access to administrative privileges to minimize the risk of exploitation. Avoid using the auto-login feature until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-3772

Affected Products

Php-Post

PT-2006-4632 · Php · Php-Post

CVE-2006-3772

Related Identifiers

Affected Products

References · 9