Vendor: Newsletter ZWS
By: SecurityFocus
CVSS: 8.8 (HIGH)
Administrative Interface Authentication Bypass
CWE: 287
Product Name: Newsletter ZWS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2003

Administrative Interface Authentication Bypass

Newsletter ZWS is prone to an administrative interface authentication bypass vulnerability due to a design error in the implementation of the authentication system for the interface. This flaw allows a user to set their privileges through a URI parameter passed to the 'admin.php' script.

Mitigation:

Upgrade to the latest version of Newsletter ZWS.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10605/info

Newsletter ZWS is reported prone to an administrative interface authentication bypass vulnerability. The vulnerability exists due to a design error in the implementation of the authentication system for the interface. The flaw allows a user to set their privileges through a URI parameter passed to the 'admin.php' script.

http://www.example.com/newsletter/admin.php?f=list_user&uname=test&ulevel=1
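
A log-review check for the request pattern described above, as an added example that is not part of the original advisory or of the Newsletter ZWS code: it scans web-server access logs for requests to 'admin.php' whose query string supplies 'ulevel'. The combined log format, the function name and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote, parse_qs

# Common/combined access-log prefix: host ident user [time] "METHOD target PROTO" status
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})\b'
)

def find_privilege_param_requests(lines, script="admin.php", param="ulevel"):
    """Return one record per request to `script` whose query string sets `param`."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        url = urlsplit(m["target"])
        if unquote(url.path).rsplit("/", 1)[-1] != script:
            continue
        # parse_qs percent-decodes parameter names before we compare them.
        query = parse_qs(url.query, keep_blank_values=True)
        if param not in query:
            continue
        hits.append({
            "host": m["host"],
            "time": m["time"],
            "status": int(m["status"]),       # 2xx means the request was served
            "level": query[param],            # privilege value the client supplied
            "uname": query.get("uname", []),  # user name the client supplied, if any
        })
    return hits

# Constructed sample log lines (documentation address ranges, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:01:02 +0000] "GET /newsletter/index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:03:44 +0000] "GET /newsletter/admin.php?f=list_user&uname=test&ulevel=1 HTTP/1.1" 200 2301',
    '198.51.100.7 - - [01/Jan/2024:10:03:50 +0000] "GET /newsletter/admin.php?f=list_user&%75level=1 HTTP/1.1" 403 199',
    '192.0.2.10 - - [01/Jan/2024:10:05:00 +0000] "GET /newsletter/admin.php?f=list_user HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for hit in find_privilege_param_requests(SAMPLE_LOG):
        print(hit)
```

Access logs record only the query string, so a privilege value sent in a request body would not appear here. Hits with a 2xx status on an unpatched installation are the ones to review first.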