admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote malicious users to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
tuxplanet bilboblog 0.2.1 |