PHP-Coolfile 1.4 - Unauthorized Administrative Access

EDB-ID:

23372

CVE:



Platform:

PHP

Published:

2003-11-11

source: http://www.securityfocus.com/bid/9018/info

PHP-Coolfile allows unauthorized administrative access due to an error in the way access is evaluated in the action.php file. This could allow a remote user to obtain the administrative username and password for the site.

www.site.com/php-coolfile/action.php?action=edit&file=config.php