PHP SimpleNEWS Authentication Bypass Vulnerability
BID:17186
Info
PHP SimpleNEWS Authentication Bypass Vulnerability
| Bugtraq ID: | 17186 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 22 2006 12:00AM |
| Updated: | Mar 22 2006 06:54PM |
| Credit: | Aliaksandr Hartsuyeu is credited with the discovery of this vulnerability. |
| Vulnerable: |
Himpfen Consulting Company PHP SimpleNEWS 1.0 |
| Not Vulnerable: | |
Discussion
PHP SimpleNEWS Authentication Bypass Vulnerability
PHP SimpleNEWS is prone to an authentication-bypass vulnerability. The issue occurs because the affected scripts fail to properly validate cookie data.
An attacker can exploit this issue to bypass authentication and gain admin access. This could aid in further attacks on the affected computer.
PHP SimpleNEWS is prone to an authentication-bypass vulnerability. The issue occurs because the affected scripts fail to properly validate cookie data.
An attacker can exploit this issue to bypass authentication and gain admin access. This could aid in further attacks on the affected computer.
Exploit / POC
PHP SimpleNEWS Authentication Bypass Vulnerability
An exploit is not required.
An exploit is not required.
Solution / Fix
PHP SimpleNEWS Authentication Bypass Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
References
PHP SimpleNEWS Authentication Bypass Vulnerability
References:
References:
- PHP SimpleNEWS Web Site (Himpfen Consulting Company)
- [eVuln] PHP SimpleNEWS, PHP SimpleNEWS MySQL - Authentication Bypass Vulnerabili (eVuln.com)