Vulnerabilities > CVE-2006-2527 - Unspecified vulnerability in Smartisoft PHPbazar 2.1.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers to bypass the authentication process and gain unauthorized access to the administrative section by setting the action parameter to edit_member and the value parameter to 1.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | phpBazar <= 2.1.0 Remote (Include/Auth Bypass) Vulnerabilities. CVE-2006-2527,CVE-2006-2528. Webapps exploit for php platform |
id | EDB-ID:1804 |
last seen | 2016-01-31 |
modified | 2006-05-19 |
published | 2006-05-19 |
reporter | [Oo] |
source | https://www.exploit-db.com/download/1804/ |
title | phpBazar <= 2.1.0 - Remote Include/Auth Bypass Vulnerabilities |