OSVDB ID: 84585

Title: am4ss core.assign_by_ref.php Admin Account Creation

Info

Disclosure

Aug 02, 2012

Discovery

Oct 01, 2011

Dates

Exploit

Aug 02, 2012

Solution

Unknown

Description

am4ss contains a flaw that is triggered when the program fails to properly sanitize input passed via the core.assign_by_ref.php script. This may allow a remote attacker to create an administrative account.

Classification

Location: Remote / Network Access
Attack Type: Authentication Management, Input Manipulation
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure
OSVDB: Web Related

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

am4ss

am4ss

1.2

References

  • Exploit Database: 20199

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/84585