admin/administrator.php in Adult Script 1.6 and previous versions sends a redirect to the web browser but does not exit, which allows remote malicious users to bypass authentication and obtain administrative credentials via a direct request. NOTE: this can be leveraged for arbitrary code execution through a request to admin/videolinks_view.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
adultscript adultscript 1.6 |