redirect.php in SlimCMS 1.0.0 does not require authentication, which allows remote malicious users to create administrative users by using the newusername and newpassword parameters and setting the newisadmin parameter to 1.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
slimcms slimcms 1.0.0 |