Basic Analysis and Security Engine (BASE) prior to 1.3.8 sends a redirect to the web browser but does not exit, which allows remote malicious users to bypass authentication via (1) base_main.php, (2) base_qry_alert.php, and possibly other vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
secureideas basic analysis and security engine 1.3.6 |