PT-2020-20187 · Phpbook · Phpabook
Published
2020-02-03
·
Updated
2020-02-06
·
CVE-2020-8510
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
phpABook version 0.9 Intermediate
Description
An issue in phpABook 0.9 Intermediate allows login as any user without a password by setting a specific userInfo cookie value on the login page. The cookie value admin+1+en (representing user+perms+lang) can be used to exploit this issue: the identity and permission level carried in the cookie are trusted as the logged-in user, so no password check is ever passed.
Recommendations
For phpABook 0.9 Intermediate, as a temporary workaround, restrict access to the login page (for example with web-server or network access controls) or validate the userInfo cookie server-side so that a client-supplied value cannot establish a login.
Fix
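The following is an added illustration, not phpABook's own code (the advisory does not quote any). It reconstructs the pattern the description implies, a client-supplied userInfo cookie of the form user+perms+lang accepted as the logged-in identity, and puts beside it the kind of server-side validation the recommendation calls for: the same fields, but only honoured when an HMAC under a server secret proves the server issued them. All function and constant names, and the placeholder key, are assumptions.

```php
<?php
// Added illustration for CVE-2020-8510 (phpABook 0.9 Intermediate). Not the
// project's source; function/constant names and the placeholder key are assumptions.
declare(strict_types=1);

// The value exactly as the advisory gives it, as it travels on the wire:
//   Cookie: userInfo=admin+1+en
const FORGED_COOKIE = 'admin+1+en';

// --- Vulnerable pattern: whoever sets the cookie decides who they are. -------
// $value is the cookie value as sent by the client. Nothing here proves the
// server ever issued it, so "admin+1+en" yields an admin login with no password.
function currentUserFromCookieVulnerable(?string $value): ?array
{
    if ($value === null) {
        return null;
    }
    $parts = explode('+', $value, 3);
    if (count($parts) !== 3) {
        return null;
    }
    return ['user' => $parts[0], 'perms' => (int) $parts[1], 'lang' => $parts[2]];
}

// --- Validated pattern: same fields, accepted only if the server signed them. --
// The key must be random, secret and loaded from server-side configuration;
// this literal is a placeholder for the example, not a value to deploy.
const USERINFO_KEY = 'placeholder-replace-with-32-random-bytes-from-config';

// URL-safe base64 keeps '+' out of the cookie value (see the note on $_COOKIE).
function b64url(string $s): string { return strtr(base64_encode($s), '+/', '-_'); }
function b64urlDecode(string $s) { return base64_decode(strtr($s, '-_', '+/'), true); }

// Call only after password_verify() has succeeded for $user.
function issueUserInfoCookie(string $user, int $perms, string $lang, string $key): string
{
    if (strpos($user, '+') !== false || strpos($lang, '+') !== false) {
        throw new InvalidArgumentException('field separator not allowed in user/lang');
    }
    $payload = b64url("$user+$perms+$lang");
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

function currentUserFromCookieValidated(?string $value, string $key): ?array
{
    if ($value === null || substr_count($value, '.') !== 1) {
        return null;
    }
    [$payload, $mac] = explode('.', $value, 2);
    // Constant-time comparison; a forged or edited payload never gets past here.
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        return null;
    }
    $raw = b64urlDecode($payload);
    if ($raw === false) {
        return null;
    }
    $parts = explode('+', $raw, 3);
    if (count($parts) !== 3 || !ctype_digit($parts[1])) {
        return null;
    }
    return ['user' => $parts[0], 'perms' => (int) $parts[1], 'lang' => $parts[2]];
}

// --- Demonstration: run with `php this_file.php` -----------------------------
// The forged value is trusted by the vulnerable parser and rejected by the
// validated one.
var_dump(currentUserFromCookieVulnerable(FORGED_COOKIE));
var_dump(currentUserFromCookieValidated(FORGED_COOKIE, USERINFO_KEY));

// A server-issued cookie for a low-privilege user verifies as that user.
$issued = issueUserInfoCookie('alice', 0, 'en', USERINFO_KEY);
var_dump(currentUserFromCookieValidated($issued, USERINFO_KEY));

// Swapping the signed payload for an admin claim while keeping the original MAC
// fails verification as well.
$tampered = b64url('admin+1+en') . '.' . explode('.', $issued)[1];
var_dump(currentUserFromCookieValidated($tampered, USERINFO_KEY));
```

Two practical caveats. First, the functions above take the cookie value as it appears on the wire; PHP URL-decodes values when populating `$_COOKIE`, so a literal `+` sent by the client arrives as a space there, which is one reason the signed variant uses URL-safe base64 rather than relying on `+` surviving transport. Second, signing the cookie only stops forgery of the fields it carries; the more robust fix for a login flow is to keep identity and permissions in server-side session state (`$_SESSION`) that is populated solely after a successful password check, so that no client-controlled value names the user at all.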
Weakness Enumeration
Improper Authentication (CWE-287)
Related Identifiers
Affected Products
Phpabook