PhpAuction 2.5 allows remote malicious users to bypass authentication and gain privileges as another user by setting the PHPAUCTION_RM_ID cookie to the user ID.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gianluca baldo phpauction 2.5 |