vendor:
Pre webhost System
by:
D4rk357
7.5
CVSS
HIGH
Authentication Bypass
287
CWE
Product Name: Pre webhost System
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2010
Pre webhost System authentication bypass
On the login page, entering 'admin' as the username and '' or '1'='1' as the password allows the attacker to bypass authentication and gain access to the system.
Mitigation:
Implement proper input validation and parameterization to prevent SQL injection vulnerabilities.