X-News (x_news) 1.1 and previous versions allows malicious users to authenticate as other users by obtaining the MD5 checksum of the password, e.g. via sniffing or the users.txt data file, and providing it in a cookie.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xqus x-news 1.1 |
||
xqus x-news 1.0 |