Creasito E-Commerce Content Manager (admin) Authentication Bypass
[code]============================================================================================
Creasito E-Commerce Content Manager (admin) Authentication Bypass
============================================================================================
Product............: Creasito E-Commerce Content Manager
Affected versions..: Creasito <= 1.3.08
Security Risk......: High
Vendor.............: G. Fabozzi ([url]http://creasito.bloghosteria.com/[/url])
Product Link.......: [url]http://prdownloads.sourceforge.net/creasito/creasito1.3.08.zip?download[/url]
Discovered by......: SlimTim10
Details:
---------
Files in the /admin directory use a very poor security method for authentication that is
simple to bypass.
Vulnerable Code:
-----------------
if ( empty( $finame ) ) {
?> Prego effettuare il login <a href="index.php"> Qui<br>
页:
[1]