11 lines
No EOL
583 B
Text
11 lines
No EOL
583 B
Text
source: http://www.securityfocus.com/bid/38421/info
|
|
|
|
Newbie CMS is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication.
|
|
|
|
Attackers can exploit this vulnerability to gain administrative access to the affected application, which may aid in further attacks.
|
|
|
|
Versions prior to Newbie CMS 0.03 are vulnerable; other versions may also be affected.
|
|
|
|
Supplying the following cookie data is sufficient to exploit this issue:
|
|
|
|
javascript:document.cookie="nb_logged=jiko;path=/newbb/admin/"; |