https://www.exploit-db.com/exploits/21886
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-836

Py-Membres3.1版本index.php存在漏洞。远程攻击者通过设置pymembs参数为”admin”以管理员身份登录。

source: http://www.securityfocus.com/bid/5849/info

A vulnerability has been reported for Py-Membres 3.1 that allows remote attackers to obtain administrative privileges on vulnerable installations.

Reportedly, Py-Membres does not fully check some URI parameters. Thus it is possible for an attacker to manipulate URI parameters and log into the system as an arbitrary user without the need for passwords. 

http://[target]/index.php?pymembs=admin

来源:BID
名称:5849
链接:http://www.securityfocus.com/bid/5849
来源:XF
名称:py-membres-admin-privileges(10308)
链接:http://www.iss.net/security_center/static/10308.php
来源:BUGTRAQ
名称:20021002MultipleWebSecurityHoles
链接:http://archives.neohapsis.com/archives/bugtraq/2002-10/0016.html