vendor:
Archangel Weblog
by:
Dj7xpl
7.5
CVSS
HIGH
Local File Inclusion & Login Page Bypass By Cookie
CWE
Product Name: Archangel Weblog
Affected Version From: 0.90.02
Affected Version To: 0.90.02
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Archangel Weblog version 0.90.02 Local File Inclusion & Login Page Bypass By Cookie
The Archangel Weblog version 0.90.02 is vulnerable to Local File Inclusion and Login Page Bypass By Cookie attacks. An attacker can exploit this vulnerability by sending a specially crafted request to the index.php file, allowing them to include local files or bypass the login page using a manipulated cookie. This can lead to unauthorized access to sensitive information or administrative privileges.
Mitigation:
To mitigate this vulnerability, it is recommended to update to a patched version of the Archangel Weblog software. Additionally, access controls should be implemented to restrict unauthorized access to sensitive files and the login page.