Back to search
CVE-2005-1596
Published: May 16, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
index.php in Fusion SBX 1.2 and earlier does not properly use the extract function, which allows remote attackers to bypass authentication by setting the is_logged parameter or execute arbitrary code via the maxname2 parameter.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.exploits.co.in/Article1134.html
x_refsource_MISC
16216
vdb-entry
x_refsource_OSVDB
ADV-2005-0508
vdb-entry
x_refsource_VUPEN
15257
third-party-advisory
x_refsource_SECUNIA
http://www.securiteam.com/exploits/5OP042KFPU.html
x_refsource_MISC
16217
vdb-entry
x_refsource_OSVDB
fusion-islogged-authentication-bypass(20531)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now