BugHotel Reservation System Main.PHP Authentication Bypass Vulnerability
BID:26178
Info
BugHotel Reservation System Main.PHP Authentication Bypass Vulnerability
| Bugtraq ID: | 26178 |
| Class: | Access Validation Error |
| CVE: |
CVE-2007-6011 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 23 2007 12:00AM |
| Updated: | Nov 23 2007 09:34PM |
| Credit: | The vendor disclosed this issue. |
| Vulnerable: |
Bug Software BugHotel Reservation System 4.9.9 P2 |
| Not Vulnerable: |
Bug Software BugHotel Reservation System 4.9.9 P3 |
Discussion
BugHotel Reservation System Main.PHP Authentication Bypass Vulnerability
BugHotel Reservation System is prone to an authentication-bypass vulnerability due to a design error.
An attacker can exploit this issue to gain unauthorized access to the affected application. This may lead to further attacks.
This issue affects versions prior to BugHotel Reservation System 4.9.9 P3.
BugHotel Reservation System is prone to an authentication-bypass vulnerability due to a design error.
An attacker can exploit this issue to gain unauthorized access to the affected application. This may lead to further attacks.
This issue affects versions prior to BugHotel Reservation System 4.9.9 P3.
Exploit / POC
BugHotel Reservation System Main.PHP Authentication Bypass Vulnerability
An attacker can use a browser to exploit this issue.
An attacker can use a browser to exploit this issue.
Solution / Fix
BugHotel Reservation System Main.PHP Authentication Bypass Vulnerability
Solution:
The vendor released an update to address this issue. Please see the references for more information.
Solution:
The vendor released an update to address this issue. Please see the references for more information.
References
BugHotel Reservation System Main.PHP Authentication Bypass Vulnerability
References:
References:
- BugHotel Reservation System Homepage (Bug Software)