4 matches found
CVE-2009-5076
CRE Loaded before 6.2.14, and possibly other versions before 6.3.x, allows remote attackers to bypass authentication and gain administrator privileges via a request with 1 login.php or 2 passwordforgotten.php appended as the PATHINFO, which bypasses a check that uses PHPSELF, which is not properl...
CVE-2009-5076
CRE Loaded before 6.2.14, and possibly other versions before 6.3.x, allows remote attackers to bypass authentication and gain administrator privileges via a request with 1 login.php or 2 passwordforgotten.php appended as the PATHINFO, which bypasses a check that uses PHPSELF, which is not properl...
CVE-2009-5076
CRE Loaded before 6.2.14, and possibly other versions before 6.3.x, allows remote attackers to bypass authentication and gain administrator privileges via a request with 1 login.php or 2 passwordforgotten.php appended as the PATHINFO, which bypasses a check that uses PHPSELF, which is not properl...
CVE-2009-5076
CVE-2009-5076 affects CRE Loaded prior to 6.3.x (and possibly other versions before 6.3.x) where authentication can be bypassed via PATH_INFO by requesting login.php or password_forgotten.php, exploiting improper handling of PHP_SELF in includes/application_top.php and admin/includes/application_...