login.php for PHPAuction allows remote malicious users to gain privileges via a direct call to login.php with the action parameter set to "insert," which adds the provided username to the adminUsers table.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gianluca baldo phpauction 1.2 |
||
gianluca baldo phpauction 1.3 |
||
gianluca baldo phpauction 2.0 |
||
gianluca baldo phpauction 2.1 |