inc/elementz.php in aliTalk 1.9.1.1 does not properly verify authentication, which allows remote malicious users to add an arbitrary user account via a modified lilil parameter, in conjunction with the ubild and pa parameters.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
alilg alitalk 1.9.1.1 |