High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in phpMySport which could be exploited to bypass authentication mechanisms and gain access to the application.
1) Authentication bypass vulnerability in phpMySport
The vulnerability exists due to insufficient validation of input data in authentication mechanism. A remote attacker can send a specially crafted HTTP POST request to the index.php script, bypass authentication checks and gain unauthorized access to the application.
POST /index.php?r=member&v1=login HTTP/1.1
Cookie: auto_connection=1; cle=1;