3 matches found
CVE-2003-1245
CVE-2003-1245 affects Mambo Site Server (CMS) version 4.0.12, where index2.php allows a remote attacker to gain administrator access by sending a URL with session_id set to the MD5 hash of a valid session cookie. The root cause is improper validation of cookies, enabling session imperson...
CVE-2003-1245
index2.php in Mambo 4.0.12 allows remote attackers to gain administrator access via a URL request where sessionid is set to the MD5 hash of a session cookie...
Mambo Site Server MD5 Hash Session ID Privilege Escalation
The remote installation of Mambo Site Server improperly validates the cookies that are sent back by the user. As a result, a user may impersonate the administrator by using the MD5 value of a received cookie and thereby gain administrative control of the affected application. ...