PT-2009-5474 · Simplephpweb · Simplephpweb
Kingcope
·
Published
2009-09-10
·
Updated
2017-09-19
·
CVE-2009-3158
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
simplePHPWeb version 0.2
Description:
The issue in simplePHPWeb allows remote attackers to perform administrative actions without requiring authentication. This is due to a lack of authentication in the admin/files.php file.
Recommendations:
For simplePHPWeb version 0.2, consider implementing proper authentication mechanisms for the admin/files.php file to prevent unauthorized access. As a temporary workaround, restrict access to the admin/files.php file until a proper fix is applied.
Exploit
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Simplephpweb