Vulnerabilities > CVE-2007-2822 - Security Bypass vulnerability in Tutorialcms
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
TutorialCMS 1.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication via the (1) loggedIn and (2) activated parameters to (a) login.php, (b) headerLinks.php, (c) submit1.php, (d) myFav.php, and (e) userCP.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | TutorialCMS <= 1.01 Authentication Bypass Vulnerability. CVE-2007-2822. Webapps exploit for php platform |
| file | exploits/php/webapps/3963.txt |
| id | EDB-ID:3963 |
| last seen | 2016-01-31 |
| modified | 2007-05-21 |
| platform | php |
| port | |
| published | 2007-05-21 |
| reporter | Silentz |
| source | https://www.exploit-db.com/download/3963/ |
| title | TutorialCMS <= 1.01 - Authentication Bypass Vulnerability |
| type | webapps |