CVE Vulnerabilities

CVE-2005-4006

Improper Authentication

Published: Dec 05, 2005 | Modified: Oct 22, 2012
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)

SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentication via direct requests to the usr/system files (1) insert_file.php, (2) insert_image.php, (3) insert_link.php, (4) insert_qcfile.php, and (5) edit.php.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name       Vendor      Start Version               End Version
Sapid_cms  Redgraphic  *                           1.2.3.02 (including)
Sapid_cms  Redgraphic  1.2.3 (including)           1.2.3 (including)
Sapid_cms  Redgraphic  1.2.3-rc2 (including)       1.2.3-rc2 (including)
Sapid_cms  Redgraphic  1.2.3-rc3 (including)       1.2.3-rc3 (including)
Sapid_cms  Redgraphic  1.2.3-rc5 (including)       1.2.3-rc5 (including)
Sapid_cms  Redgraphic  1.2.3-stable (including)    1.2.3-stable (including)
