manage-admins.php in eSyndiCat Pro 1.x allows remote attackers to create additional administrative accounts, and have other unspecified impact, via modified username, new_pass, new_pass2, status, super, and certain other parameters in an add action.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Esyndicat_pro | Esyndicat | 1.x (including) | 1.x (including) |
References
- http://osvdb.org/37521
- http://securityreason.com/securityalert/2729
- http://www.securityfocus.com/archive/1/468966/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34371
- http://osvdb.org/37521
- http://securityreason.com/securityalert/2729
- http://www.securityfocus.com/archive/1/468966/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34371