Authentication flaw

2007-12-1723:46:00

PRIOn knowledge base

www.prio-n.com

8.5 High

AI Score

Confidence

Low

0.048 Low

EPSS

Percentile

92.7%

JSON

admin/administrator.php in Adult Script 1.6 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication and obtain administrative credentials via a direct request. NOTE: this can be leveraged for arbitrary code execution through a request to admin/videolinks_view.php.

CPENameOperatorVersion
adultscripteq1.6

CPE	Name	Operator	Version
	adultscript	eq	1.6

References

secunia.com/advisories/28064

www.securityfocus.com/bid/26870

exchange.xforce.ibmcloud.com/vulnerabilities/39034

www.exploit-db.com/exploits/4731