Описание
login.php in Zenas PaoBacheca Guestbook 2.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.
Ссылки
- Broken LinkVendor Advisory
- Third Party AdvisoryVDB Entry
- Broken LinkExploit
- Third Party AdvisoryVDB Entry
- Broken LinkVendor Advisory
- Third Party AdvisoryVDB Entry
- Broken LinkExploit
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:zenas:pao-bacheca_guestbook:2.1:*:*:*:*:*:*:*
EPSS
Процентиль: 81%
0.01574
Низкий
9.8 Critical
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-287
Связанные уязвимости
CVSS3: 9.8
github
почти 4 года назад
login.php in Zenas PaoBacheca Guestbook 2.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.
EPSS
Процентиль: 81%
0.01574
Низкий
9.8 Critical
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-287