MKPortal Admin.PHP Authentication Bypass Vulnerability
BID:25515
Info
MKPortal Admin.PHP Authentication Bypass Vulnerability
| Bugtraq ID: | 25515 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 03 2007 12:00AM |
| Updated: | Sep 05 2007 05:31PM |
| Credit: | Demential is credited with the discovery of this issue. |
| Vulnerable: |
MKPortal MKPortal 1.0.1 Final MKPortal MKPortal 1.1 RC1 |
| Not Vulnerable: |
MKPortal MKPortal 1.1.1 |
Discussion
MKPortal Admin.PHP Authentication Bypass Vulnerability
MKPortal is prone to an authentication-bypass vulnerability because it fails to restrict access to certain administrative functions.
Attackers can exploit this issue to gain unauthorized access to the application.
Versions prior to MKPortal 1.1.1 are vulnerable.
MKPortal is prone to an authentication-bypass vulnerability because it fails to restrict access to certain administrative functions.
Attackers can exploit this issue to gain unauthorized access to the application.
Versions prior to MKPortal 1.1.1 are vulnerable.
Exploit / POC
MKPortal Admin.PHP Authentication Bypass Vulnerability
To exploit this issue, an attacker must entice an unsuspecting administrator to view a maliciously crafted webpage.
The following exploit information is available:
To exploit this issue, an attacker must entice an unsuspecting administrator to view a maliciously crafted webpage.
The following exploit information is available:
Solution / Fix
MKPortal Admin.PHP Authentication Bypass Vulnerability
Solution:
The vendor released MKPortal 1.1.1 to address this issue. Please see the references and contact the vendor for information on obtaining and applying this update.
Solution:
The vendor released MKPortal 1.1.1 to address this issue. Please see the references and contact the vendor for information on obtaining and applying this update.
References
MKPortal Admin.PHP Authentication Bypass Vulnerability
References:
References: