TeamPass prior to 2.1.20 allows remote malicious users to bypass access restrictions via a request to index.php followed by a direct request to a file that calls the session_start function before checking the CPM key, as demonstrated by a request to sources/upload/upload.files.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
teampass teampass |
||
teampass teampass 2.1.18 |
||
teampass teampass 2.1 |
||
teampass teampass 2.1.5 |
||
teampass teampass 2.1.4 |
||
teampass teampass 2.1.3 |
||
teampass teampass 2.1.2 |
||
teampass teampass 2.1.15 |
||
teampass teampass 2.1.14 |
||
teampass teampass 2.1.13 |
||
teampass teampass 2.1.10 |
||
teampass teampass 2.1.1 |
||
teampass teampass 2.1.19 |