PT-2008-4462 · Unknown · Rss-Aggregator
Sylvain Thual · Published 2008-07-07 · Updated 2018-10-11
CVE-2008-3033
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
RSS-aggregator version 1.0
Description
The admin/fonctions/ directory does not require administrative authentication, which allows remote attackers to access admin functions. This can be exploited through specific requests, such as (1) an IdFlux request to "supprimer flux.php" and (2) a TpsRafraich request to "modifier tps rafraich.php", potentially leading to unspecified other impact.
Recommendations
For RSS-aggregator version 1.0, consider implementing proper authentication mechanisms for the admin/fonctions/ directory to restrict unauthorized access. As a temporary workaround, restrict access to the "supprimer flux.php" and "modifier tps rafraich.php" files until a proper fix is applied.
Exploit
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Rss-Aggregator