login.php for PHPAuction allows remote attackers to gain privileges via a direct call to login.php with the action parameter set to insert, which adds the provided username to the adminUsers table.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Phpauction | Gianluca_baldo | 1.3 | 1.3 |
Phpauction | Gianluca_baldo | 2.0 | 2.0 |
Phpauction | Gianluca_baldo | 1.2 | 1.2 |
Phpauction | Gianluca_baldo | 2.1 | 2.1 |