Py-Membres 3.1 Index.PHP Unauthorized Access Vulnerability

2014-07-01T00:00:00
ID SSV:75704
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                source: http://www.securityfocus.com/bid/5849/info

A vulnerability has been reported for Py-Membres 3.1 that allows remote attackers to obtain administrative privileges on vulnerable installations.

Reportedly, Py-Membres does not fully check some URI parameters. Thus it is possible for an attacker to manipulate URI parameters and log into the system as an arbitrary user without the need for passwords. 

http://[target]/index.php?pymembs=admin