Description
login.php for PHPAuction allows remote attackers to gain privileges via a direct call to login.php with the action parameter set to "insert", which adds the provided username to the adminUsers table.
Products
- Gianluca Baldo PHPAuction 1.2
- Gianluca Baldo PHPAuction 1.3
- Gianluca Baldo PHPAuction 2.0
- Gianluca Baldo PHPAuction 2.1
Questions to Ask Vendors
- Can you confirm whether your systems are affected by CVE-2002-0995, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2002-0995 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions
- Check out the advisory links provided below.
References