ext_find_user in eXtplorer up to and including 2.1.2 allows remote malicious users to bypass authentication via a password[]= (aka an empty array) in an action=login request to index.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
extplorer extplorer |