oj.cgi in OpenJournal 2.0 through 2.0.5 allows remote attackers to bypass authentication and access the control panel via a 0 in the uid parameter.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Openjournal | Openjournal | 2.0 (including) | 2.0 (including) |
Openjournal | Openjournal | 2.0_1 (including) | 2.0_1 (including) |
Openjournal | Openjournal | 2.0_2 (including) | 2.0_2 (including) |
Openjournal | Openjournal | 2.0_3 (including) | 2.0_3 (including) |
Openjournal | Openjournal | 2.0_4 (including) | 2.0_4 (including) |
Openjournal | Openjournal | 2.0_5 (including) | 2.0_5 (including) |