cp/profile.php in VivaPrograms Infinity 2.0.5 and previous versions does not require administrative authentication for the donewauthor action, which allows remote malicious users to create administrative accounts via the name, password, and conf_password parameters.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vivaprograms infinity script |
||
vivaprograms infinity script 2.0.0 |