Py-Membres Unauthenticated Administrative Access
vendor: Py-Membres
by: SecurityFocus
CVSS: 8.8 (HIGH)
CWE: 284
Product Name: Py-Membres
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Py-Membres contains an unauthenticated administrative access vulnerability. By manipulating URI parameters, an attacker can log into the system as an administrative user without a password.

Mitigation:

Upgrade to the latest version of Py-Membres.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8499/info

A vulnerability has been reported for Py-Membres that allows remote attackers to obtain administrative privileges on vulnerable installations.

Reportedly, Py-Membres does not fully check some URI parameters. Thus it is possible for an attacker to manipulate URI parameters and log into the system as an administrative user without the need for passwords.

http://www.example.com/admin/admin.php?adminpy=1
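
One way to check web server access logs for the request pattern described above, as an added example that is not part of the original advisory or of Py-Membres. The log layout (combined/common format), the function name `find_adminpy_requests` and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Combined/common access-log layout (an assumption; adjust to your server).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_adminpy_requests(lines):
    """Return (ip, timestamp, status, value) for each request that passes
    the adminpy parameter to admin/admin.php in its query string."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log entry
        url = urlsplit(m["target"])
        # Decode, collapse repeated slashes and lowercase the path so
        # /admin//Admin.php is treated like /admin/admin.php.
        path = re.sub(r"/+", "/", unquote(url.path)).lower()
        if "/admin/admin.php" not in path:
            continue
        # parse_qsl percent-decodes names, so %61dminpy=1 is still seen.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            # PHP also accepts adminpy[]=1; strip the array suffix. Matching
            # case-insensitively is deliberately broader than PHP itself.
            if name.split("[")[0].lower() == "adminpy":
                hits.append((m["ip"], m["ts"], int(m["status"]), value))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2024:10:01:02 +0000] "GET /admin/admin.php?adminpy=1 HTTP/1.1" 200 5120 "-" "curl/8.0"',
    '198.51.100.7 - - [12/Mar/2024:10:01:09 +0000] "GET /admin//Admin.php?x=2&%61dminpy=1 HTTP/1.1" 200 5120 "-" "curl/8.0"',
    '203.0.113.5 - - [12/Mar/2024:10:02:00 +0000] "GET /admin/admin.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [12/Mar/2024:10:02:30 +0000] "GET /index.php?adminpy=1 HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_adminpy_requests(SAMPLE_LOG):
        print(hit)
```

Only query-string parameters appear in access logs, so a parameter sent in a POST body would not be found this way.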