CVE-2008-3303 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2008-3303

CWE

https://cwe.mitre.org/data/definitions/264.html

admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters.

Affected Software

Name	Vendor	Start Version	End Version
Bilboblog	Tuxplanet	0.2.1 (including)	0.2.1 (including)

References

http://secunia.com/advisories/31054
http://securityreason.com/securityalert/4036
http://www.securityfocus.com/bid/30225
https://exchange.xforce.ibmcloud.com/vulnerabilities/43762
https://www.exploit-db.com/exploits/6073
http://secunia.com/advisories/31054
http://securityreason.com/securityalert/4036
http://www.securityfocus.com/bid/30225
https://exchange.xforce.ibmcloud.com/vulnerabilities/43762
https://www.exploit-db.com/exploits/6073