Vulnerabilities > CVE-2007-2822 - Unspecified vulnerability in Wavelink Media Tutorialcms
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN wavelink-media
exploit available
Summary
TutorialCMS 1.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication via the (1) loggedIn and (2) activated parameters to (a) login.php, (b) headerLinks.php, (c) submit1.php, (d) myFav.php, and (e) userCP.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | TutorialCMS <= 1.01 Authentication Bypass Vulnerability. CVE-2007-2822. Webapps exploit for php platform |
| file | exploits/php/webapps/3963.txt |
| id | EDB-ID:3963 |
| last seen | 2016-01-31 |
| modified | 2007-05-21 |
| platform | php |
| port | |
| published | 2007-05-21 |
| reporter | Silentz |
| source | https://www.exploit-db.com/download/3963/ |
| title | TutorialCMS <= 1.01 - Authentication Bypass Vulnerability |
| type | webapps |
References
- http://osvdb.org/36520
- http://osvdb.org/36520
- http://secunia.com/advisories/25358
- http://secunia.com/advisories/25358
- http://www.vupen.com/english/advisories/2007/1903
- http://www.vupen.com/english/advisories/2007/1903
- http://www.wavelinkmedia.com/scripts/tutorialcms/
- http://www.wavelinkmedia.com/scripts/tutorialcms/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34401
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34401
- https://www.exploit-db.com/exploits/3963
- https://www.exploit-db.com/exploits/3963