PHPBazar Admin.PHP Unauthorized Access Vulnerability
BID:18053
CVE-2006-2527
| Bugtraq ID: | 18053 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 20 2006 12:00AM |
| Updated: | May 23 2006 06:13PM |
| Credit: | PHP Emperor is credited with the discovery of this vulnerability. |
| Vulnerable: | SmartISoft phpBazar 2.1 |
| Not Vulnerable: | |
Discussion
phpBazar is prone to an unauthorized-access vulnerability. This issue is due to a failure in the application to properly validate credentials before granting access to sensitive scripts.
An attacker can exploit this issue to alter the administrator credentials, ultimately gaining administrative access.
Exploit / POC
This issue can be exploited through a web client.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- Vendor Homepage (SmartISoft)
- phpBazar <= 2.1.0 Multiple vulnerabilites (PHP Emperor)