Bugtraq mailing list archives
Cuteflow Version 2.10.3 "edituser.php" Security Bypass Vulnerability
From: hever () hever com br
Date: Fri, 21 Aug 2009 12:17:35 -0600
It's possible edit the users (including the admin account), bypassing the authentication through the address: http://localhost/cuteflow/pages/edituser.php?userid=1&language=pt&sortby=st rLastName&sortdir=ASC&start=1 The vulnerability is caused due to the application not properly restricting access to the pages/edituser.php script. This can be exploited to modify a user's username and password without having proper credentials. Hever Costa Rocha
Current thread:
- Cuteflow Version 2.10.3 "edituser.php" Security Bypass Vulnerability hever (Aug 21)