configure.php in PokerMax Poker League Tournament Script 0.13 allows remote attackers to bypass authentication and gain administrative access by setting the ValidUserAdmin cookie.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Pokermax_poker_league_tournament_script | Steve_dawson | 0.13 (including) | 0.13 (including) |
References
- http://secunia.com/advisories/32312
- http://securityreason.com/securityalert/4431
- http://www.securityfocus.com/bid/31784
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45931
- https://www.exploit-db.com/exploits/6766
- http://secunia.com/advisories/32312
- http://securityreason.com/securityalert/4431
- http://www.securityfocus.com/bid/31784
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45931
- https://www.exploit-db.com/exploits/6766