TutorialCMS 1.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication via the (1) loggedIn and (2) activated parameters to (a) login.php, (b) headerLinks.php, (c) submit1.php, (d) myFav.php, and (e) userCP.php.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Tutorialcms | Wavelink_media | * | 1.01 (including) |
References
- http://osvdb.org/36520
- http://secunia.com/advisories/25358
- http://www.vupen.com/english/advisories/2007/1903
- http://www.wavelinkmedia.com/scripts/tutorialcms/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34401
- https://www.exploit-db.com/exploits/3963
- http://osvdb.org/36520
- http://secunia.com/advisories/25358
- http://www.vupen.com/english/advisories/2007/1903
- http://www.wavelinkmedia.com/scripts/tutorialcms/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34401
- https://www.exploit-db.com/exploits/3963