Mafia Blog Administrator Authentication Bypass Vulnerability
BID:13194
Info
| Bugtraq ID: | 13194 |
| Class: | Access Validation Error |
| CVE: | CVE-2005-1169 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 15 2005 12:00AM |
| Updated: | Jul 12 2009 12:56PM |
| Credit: | Francisco Alisson <[email protected]> is credited with the discovery of this vulnerability. |
| Vulnerable: | Mafia Mafia .4 Beta |
| Not Vulnerable: | |
Discussion
Mafia is prone to an authentication bypass vulnerability affecting its administrator functions. The issue is due to the application's failure to secure access to those functions.
This issue permits an attacker to gain administrator privileges in the affected application. The available administrator functions include editing blog comments, uploading images, editing information about pictures, and accessing blog configuration files.
Exploit / POC
No exploit is required.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- Mafia Homepage (Mafia)
- Mafia Blog (Francisco Alisson)