header-logo
Suggest Exploit
vendor:
MailWorks Professional
by:
Unknown
7.5
CVSS
HIGH
Authentication Bypass
CWE
Product Name: MailWorks Professional
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: Unknown
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

Authentication Bypass Vulnerability in MailWorks Professional

MailWorks Professional is prone to an authentication bypass vulnerability. The application uses cookies to store variables that determine the status of the authentication process. An attacker browsing the web application using specially crafted cookie data is able to bypass the authentication process to access the site as an administrative user. This vulnerability allows a remote attacker to gain administrative access to the affected application.

Mitigation:

Unknown
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11095/info

MailWorks Professional is reported prone to an authentication bypass vulnerability.

The application uses cookies to store variables that determine the status of the authentication process. An attacker browsing the web application using specially crafted cookie data is able to bypass the authentication process to access the site as an administrative user.

This vulnerability allows a remote attacker to gain administrative access to the affected application.

Cookie: auth=1; uId=1

Navigation

Suggest Exploit

Services By CQR