Published: 27/05/2005 Updated: 25/11/2016

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 765

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

setup.php in phpStat 1.5 allows remote malicious users to bypass authentication and gain administrator privileges by setting the $check variable.

Vulnerable Product	Search on Vulmon	Subscribe to Product
phpstat phpstat -

<? /* ************************************************************** PHP Stat Administrative User Authentication Bypass POC Exploit Code by Nikyt0x - Soulblack Security Research ************************************************************** Advisory: wwwsoulblackcomar/repo/papers/phpstat_advisorytxt Saludos: ...

<?php error_reporting(E_PARSE); /* ================================================================ PHP Stat Administrative User Authentication Bypass POC Exploit ================================================================ ====Trap-Set Underground Hacking Team===========mh_p0rtal============ Greetz to : Alpha_programmer , Oil_karchack , St ...

#!/usr/bin/perl ##################################################################### #T r a p - S e t U n d e r g r o u n d H a c k i n g T e a m ##################################################################### # EXPLOIT FOR - PHPStat SetupPHP Authentication Bypass Vulnerability # #Exploit By : A l p h a _ P r o g r a m m e r ( Sirus- ...

CWE-20 http://www.soulblack.com.ar/repo/tools/sbphpstatpoc.txt http://www.soulblack.com.ar/repo/papers/advisory/PhpStat_advisory.txt http://securitytracker.com/id?1014064 http://secunia.com/advisories/15516 http://marc.info/?l=bugtraq&m=111721290726958&w=2 https://nvd.nist.gov https://www.exploit-db.com/exploits/1018/

CVE-2005-1787

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect