admin.php in Digi-ads 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Digi-news | Digi-fx | 1.1 (including) | 1.1 (including) |