Jaws 0.3 allows remote malicious users to bypass authentication and via an HTTP request to admin.php with the logged cookie set to the MD5 hash of a null password, which is compared against the logged session variable by the logged_on function in application.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
jaws jaws 0.3 |
||
jaws jaws 0.2 |