PHP-Post 0.21 and 1.0, and possibly earlier versions, when auto-login is enabled, allows remote malicious users to bypass security restrictions and obtain administrative privileges by modifying the logincookie[user] setting in the login cookie.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php-post php-post 1.0 |
||
php-post php-post 0.21 |