SurgeLDAP 1.0g (Build 12), and possibly other versions prior to 1.0h, allows remote malicious users to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter.
| Vulnerable Product |
|---|
| netwin surgeldap 1.0a |
| netwin surgeldap 1.0e |
| netwin surgeldap 1.0f |
| netwin surgeldap 1.0b |
| netwin surgeldap 1.0d |
| netwin surgeldap 1.0g |