2 matches found
CVE-2014-3772
TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a direct request to a file that calls the sessionstart function before checking the CPM key, as demonstrated by a request to sources/upload/upload.files.php...
CVE-2014-3772
TeamPass before 2.1.20 is affected by CVE-2014-3772, a remote‑code access bypass. The flaw occurs when a request to index.php is followed by a direct request to a file that calls session_start before the CPM key is validated (illustrated by sources/upload/upload.files.php). This allows an attacke...