Py-Membres 3.1 Unauthenticated Access
Vendor: Py-Membres
By: SecurityFocus
CVSS: 7.5 (HIGH)
CWE: 284
Product Name: Py-Membres
Affected Version From: Py-Membres 3.1
Affected Version To: Py-Membres 3.1
Patch Exists: YES
Related CWE: CVE-2002-1490
CPE: o:py-membres:py-membres:3.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2002

Py-Membres 3.1 contains an unauthenticated access vulnerability. An attacker can manipulate URI parameters and log in to the system as an arbitrary user without a password.

Mitigation:

Upgrade to the latest version of Py-Membres 3.1
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5849/info

A vulnerability has been reported for Py-Membres 3.1 that allows remote attackers to obtain administrative privileges on vulnerable installations.

Reportedly, Py-Membres does not fully check some URI parameters. Thus it is possible for an attacker to manipulate URI parameters and log into the system as an arbitrary user without the need for passwords. 

http://[target]/index.php?pymembs=admin
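
To check whether an installation has received requests of the form shown above, the following added example (not part of the original advisory or of Py-Membres) scans web server access logs for requests that set the `pymembs` parameter in the query string. It assumes Combined Log Format; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed format: host ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

PARAM = "pymembs"  # URI parameter named in the advisory


def find_pymembs_requests(lines):
    """Return one record per request whose query string sets `pymembs`."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        query = urlsplit(m["target"]).query
        # parse_qsl percent-decodes parameter names and values, so the
        # comparison is made on the decoded name; lowercasing also
        # surfaces differently cased spellings for review.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() == PARAM:
                hits.append({"host": m["host"], "time": m["time"],
                             "claimed_user": value,
                             "status": int(m["status"])})
    return hits


# Constructed sample lines using documentation address ranges.
SAMPLE = [
    '192.0.2.10 - - [01/Oct/2002:10:00:01 +0000] "GET /index.php HTTP/1.0" 200 5120 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [01/Oct/2002:10:02:13 +0000] "GET /index.php?pymembs=admin HTTP/1.0" 200 7301 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [01/Oct/2002:10:02:40 +0000] "GET /index.php?page=2&pymemb%73=alice HTTP/1.0" 200 7010 "-" "Mozilla/4.0"',
    '203.0.113.5 - - [01/Oct/2002:10:03:00 +0000] "GET /index.php?q=pymembs HTTP/1.0" 200 5120 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for hit in find_pymembs_requests(SAMPLE):
        print(hit["time"], hit["host"], "claimed user:", hit["claimed_user"])
```

Only the parameter name is matched, so a request that merely carries the string `pymembs` as a value (the last sample line) is not reported.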