CVE-2006-2527 - Unspecified vulnerability in Smartisoft PHPbazar 2.1.0

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
network, low complexity, smartisoft, exploit available

Summary

Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers to bypass the authentication process and gain unauthorized access to the administrative section by setting the action parameter to edit_member and the value parameter to 1.

Vulnerable Configurations

Part: Application
Description: Smartisoft
Count: 1

Exploit-Db

description: phpBazar <= 2.1.0 Remote (Include/Auth Bypass) Vulnerabilities. CVE-2006-2527, CVE-2006-2528. Webapps exploit for php platform
id: EDB-ID:1804
last seen: 2016-01-31
modified: 2006-05-19
published: 2006-05-19
reporter: [Oo]
source: https://www.exploit-db.com/download/1804/
title: phpBazar <= 2.1.0 - Remote Include/Auth Bypass Vulnerabilities