ProNews Change.PHP Authentication Bypass Vulnerability
BID:21559
Info
ProNews Change.PHP Authentication Bypass Vulnerability
| Bugtraq ID: | 21559 |
| Class: | Design Error |
| CVE: |
CVE-2006-6580 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 12 2006 12:00AM |
| Updated: | Jul 06 2016 02:40PM |
| Credit: | An anonymous person discovered this issue. |
| Vulnerable: |
SCRIPTPHP ProNews 1.5 |
| Not Vulnerable: | |
Discussion
ProNews Change.PHP Authentication Bypass Vulnerability
ProNews is prone to an authentication-bypass vulnerability because the software fails to perform sufficient authentication checking.
An attacker can exploit this issue to modify data on an affected website; other attacks may also be possible.
Version 1.5 is vulnerable; other versions may also be affected.
ProNews is prone to an authentication-bypass vulnerability because the software fails to perform sufficient authentication checking.
An attacker can exploit this issue to modify data on an affected website; other attacks may also be possible.
Version 1.5 is vulnerable; other versions may also be affected.
Exploit / POC
ProNews Change.PHP Authentication Bypass Vulnerability
Attackers can exploit this issue via a web client.
Attackers can exploit this issue via a web client.
Solution / Fix
ProNews Change.PHP Authentication Bypass Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].