Back to search
CVE-2007-5913
Published: Nov 10, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
dirsys/modules/auth.php in JBC Explorer 7.20 RC1 and earlier does not require authentication, which allows remote attackers to (1) delete auth.inc.php via the suppr parameter, and (2) re-create the auth.inc.php file with contents that specify a new account name and password for JBC Explorer via the login and password parameters.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
27533
third-party-advisory
x_refsource_SECUNIA
jbcexplorer-authinc-security-bypass(38269)
vdb-entry
x_refsource_XF
42069
vdb-entry
x_refsource_OSVDB
26332
vdb-entry
x_refsource_BID
http://mgsdl.free.fr/?1:33
x_refsource_MISC
20071104 JBC Explorer <= V7.20 RC 1 Remote Code Execution Exploit
mailing-list
x_refsource_BUGTRAQ
3358
third-party-advisory
x_refsource_SREASON
4608
exploit
x_refsource_EXPLOIT-DB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now