admin.php in miniPortail allows remote attackers to gain administrative privileges by setting the miniPortailAdmin cookie to an adminok value.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Miniportal | Miniportal | 1.9 (including) | 1.9 (including) |
| Miniportal | Miniportal | 2.0 (including) | 2.0 (including) |
| Miniportal | Miniportal | 2.1 (including) | 2.1 (including) |
| Miniportal | Miniportal | 2.2 (including) | 2.2 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=105240907024660\u0026w=2
- http://www.frog-man.org/tutos/miniPortail.txt
- http://marc.info/?l=bugtraq\u0026m=105240907024660\u0026w=2
- http://www.frog-man.org/tutos/miniPortail.txt