vendor:
Webstore
by:
Igor Dobrovitski
7.5
CVSS
HIGH
Authentication Bypass
287
CWE
Product Name: Webstore
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Unix
2001
Webstore Authentication Bypass
A vulnerability exists in Webstore which may allow attackers to obtain administrative privileges. The vulnerability is due to a lack of filtering NULL bytes and occurs during the authentication process. In combination with BID 2861, an attacker may be able to execute arbitrary commands on a webserver running Webstore.
Mitigation:
Implement proper input validation and filtering to prevent the authentication bypass vulnerability.
