Pixelpost 1-5rc1-2 and previous versions, when register_globals is enabled, allows remote malicious users to gain administrator privileges and conduct other attacks by setting the _SESSION["pixelpost_admin"] parameter to 1 in calls to admin scripts such as admin/view_info.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pixelpost pixelpost 1.5_rc1 |