admin.php in Digi-ads 1.1 allows remote malicious users to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
digi-fx digi-news 1.1 |