Test Kennung:	1.3.6.1.4.1.25623.1.0.900927
Kategorie:	Web application abuses
Titel:	OpenForum 'profile.php' Authentication Bypass Vulnerability
Zusammenfassung:	This host is installed with OpenForum and is prone to; Authentication Bypass vulnerability.
Beschreibung:	Summary: This host is installed with OpenForum and is prone to Authentication Bypass vulnerability. Vulnerability Insight: The 'profile.php' script fails to restrict access to the admin function which can be exploited via a direct request with the update parameter set to 1. Vulnerability Impact: Successful exploitation will allow remote attackers to bypass security restrictions and modified user and password parameters. Affected Software/OS: OpenForum version 0.66 Beta and prior. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	BugTraq ID: 32536 Common Vulnerability Exposure (CVE) ID: CVE-2008-7066 http://www.securityfocus.com/bid/32536 https://www.exploit-db.com/exploits/7291 XForce ISS Database: openforum-profile-security-bypass(46969) https://exchange.xforce.ibmcloud.com/vulnerabilities/46969
Copyright	Copyright (C) 2009 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.