le.cms 'submit0' Parameter Authentication Bypass Vulnerability
BID:29872
Info
le.cms 'submit0' Parameter Authentication Bypass Vulnerability
| Bugtraq ID: | 29872 |
| Class: | Access Validation Error |
| CVE: |
CVE-2008-2833 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 21 2008 12:00AM |
| Updated: | May 07 2015 05:28PM |
| Credit: | t0pP8uZz |
| Vulnerable: |
le.cms le.cms 1.4 |
| Not Vulnerable: | |
Discussion
le.cms 'submit0' Parameter Authentication Bypass Vulnerability
The 'le.cms' program is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input.
An attacker can exploit this vulnerability to gain administrative access to the affected application; other attacks are also possible.
This issue affects le.cms 1.4 and prior versions.
The 'le.cms' program is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input.
An attacker can exploit this vulnerability to gain administrative access to the affected application; other attacks are also possible.
This issue affects le.cms 1.4 and prior versions.
Exploit / POC
le.cms 'submit0' Parameter Authentication Bypass Vulnerability
Attackers may exploit this issue through a browser.
Attackers may exploit this issue through a browser.
Solution / Fix
le.cms 'submit0' Parameter Authentication Bypass Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].