The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Popper_mod | Symatec | 1.0 (including) | 1.0 (including) |
| Popper_mod | Symatec | 1.2 (including) | 1.2 (including) |
| Popper_mod | Symatec | 1.2.1 (including) | 1.2.1 (including) |
References
- http://online.securityfocus.com/archive/1/265438
- http://www.iss.net/security_center/static/8746.php
- http://www.securityfocus.com/bid/4412
- http://www.symatec-computer.com/forums/viewtopic.php?t=14
- http://online.securityfocus.com/archive/1/265438
- http://www.iss.net/security_center/static/8746.php
- http://www.securityfocus.com/bid/4412
- http://www.symatec-computer.com/forums/viewtopic.php?t=14