Haudenschilt Family Connections Index.PHP Authentication Bypass Vulnerability
BID:25276
Info
| Bugtraq ID: | 25276 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-4338 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 11 2007 12:00AM |
| Updated: | May 07 2015 05:36PM |
| Credit: | Ilker Kandemir is credited with the discovery of this issue. |
| Vulnerable: | Haudenschilt Family Connections 0.1.2, Haudenschilt Family Connections 0.1.1, Haudenschilt Family Connections 0.8, Haudenschilt Family Connections 0.6, Haudenschilt Family Connections 0.5 |
| Not Vulnerable: | Haudenschilt Family Connections 0.9 |
Discussion
Haudenschilt Family Connections is prone to an authentication-bypass vulnerability.
Attackers can exploit this issue to gain unauthorized access. This may facilitate a compromise of the application and underlying webserver; other attacks are also possible.
Family Connections versions prior to 0.9 are vulnerable.
Exploit / POC
An attacker can exploit this issue via a browser.
The following exploit code is available:
Solution / Fix
Solution:
The vendor released Family Connections 0.9 to address this issue. Please see the references for more information.
Haudenschilt Family Connections 0.8
- Haudenschilt FCMS_0.9.zip
  http://downloads.sourceforge.net/fam-connections/FCMS_0.9.zip?modtime=1187880968&big_mirror=0
Haudenschilt Family Connections 0.5
- Haudenschilt FCMS_0.9.zip
  http://downloads.sourceforge.net/fam-connections/FCMS_0.9.zip?modtime=1187880968&big_mirror=0
Haudenschilt Family Connections 0.6
- Haudenschilt FCMS_0.9.zip
  http://downloads.sourceforge.net/fam-connections/FCMS_0.9.zip?modtime=1187880968&big_mirror=0
Haudenschilt Family Connections 0.1.1
- Haudenschilt FCMS_0.9.zip
  http://downloads.sourceforge.net/fam-connections/FCMS_0.9.zip?modtime=1187880968&big_mirror=0
Haudenschilt Family Connections 0.1.2
- Haudenschilt FCMS_0.9.zip
  http://downloads.sourceforge.net/fam-connections/FCMS_0.9.zip?modtime=1187880968&big_mirror=0
References
References:
- Family Connections Homepage (Haudenschilt)
- FCMS (Family Connections) <= 0.1.1 Remote Command Execution Exploit // www.Mefis (ilker Kandemir)