CVE-2015-10129

Name of the Vulnerable Software and Affected Versions planet-freo up to 20150116

Description A vulnerability was found in the file admin/inc/auth.inc.php, where the manipulation of the auth argument leads to incorrect comparison. The attack can be launched remotely, with a rather high complexity and difficult exploitation. The exploit has been disclosed to the public and may be used.

Recommendations To fix this issue, it is recommended to apply a patch with the name 6ad38c58a45642eb8c7844e2f272ef199f59550d. As a temporary workaround, consider restricting access to the vulnerable file admin/inc/auth.inc.php until the patch is applied. Avoid using the auth argument in the affected functionality until the issue is resolved.