Admin/admin.php in phpBazar 2.1.0 and previous versions allows remote malicious users to bypass the authentication process and gain unauthorized access to the administrative section by setting the action parameter to edit_member and the value parameter to 1.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
smartisoft phpbazar 2.1.0 |