EQdkp 1.3.1 and previous versions authenticate administrative requests by verifying that the HTTP Referer header specifies an admin/ URL, which allows remote malicious users to read or modify account names and passwords via a spoofed Referer.
Vulnerable Product |
---|
eqdkp eqdkp 1.3.1 |
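
The Referer-based check described above is shown next to a session-based check in the following added example, which is not EQdkp's code and does not come from the original advisory. The `/admin/` path test, the `sid` cookie name, the host name and the sample requests are assumptions constructed for illustration.

```python
from http.cookies import SimpleCookie
import secrets
from urllib.parse import urlparse

SESSIONS = {}  # server-side store: session token -> account record

def login(user, is_admin):
    """Issue an unguessable token; the role is recorded on the server only."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = {"user": user, "is_admin": is_admin}
    return token

def referer_gate(headers):
    """Weak pattern from the advisory: an admin/ Referer is treated as proof."""
    return "/admin/" in urlparse(headers.get("Referer", "")).path

def session_gate(headers):
    """Hardened: ignore Referer, look the caller up in server-side state."""
    cookie = SimpleCookie()
    cookie.load(headers.get("Cookie", ""))
    sid = cookie["sid"].value if "sid" in cookie else ""
    record = SESSIONS.get(sid)
    return bool(record and record["is_admin"])

def build_requests():
    """Constructed sample requests against a hypothetical host."""
    admin_sid = login("alice", is_admin=True)
    user_sid = login("bob", is_admin=False)
    ref = "http://eqdkp.example.test/admin/index.php"
    return {
        "admin_with_session": {"Referer": ref, "Cookie": f"sid={admin_sid}"},
        "user_with_admin_referer": {"Referer": ref, "Cookie": f"sid={user_sid}"},
        "no_session_admin_referer": {"Referer": ref},
        "admin_without_referer": {"Cookie": f"sid={admin_sid}"},
    }

def compare_gates():
    """Return {request name: (referer_gate result, session_gate result)}."""
    return {name: (referer_gate(h), session_gate(h))
            for name, h in build_requests().items()}

if __name__ == "__main__":
    for name, (weak, hardened) in compare_gates().items():
        print(f"{name:26} referer_gate={weak!s:5} session_gate={hardened}")
```

The rows where the two gates disagree are the ones to check when reviewing an application for this pattern: a client-supplied header grants access that the server-side session state does not, and a legitimate admin whose browser omits the Referer is locked out.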