CGI Script Center Account Manager LITE / PRO Administrative Password Alteration Vulnerability

Regardless of privilege level, any remote user can modify the administrative password for CGI Script Center's Account Manager. To do so, a user sends a POST request to the following URL:

http://target/cgibin/amadmin.pl?setpasswd

This would grant the user full administrative privileges, which include the capability of granting and revoking user access to secured areas of the target website.
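
To check whether this request has already been made against a server, the web access log can be searched for it. The script below is an added example, not part of the original advisory or the vendor's code; it assumes an Apache/NCSA-style access log, and the sample log lines are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# Apache/NCSA log prefix: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_setpasswd_post(method, target):
    """True for a POST to amadmin.pl whose query string names setpasswd."""
    if method != "POST":
        return False
    parts = urlsplit(target)
    # Compare only the script name so any CGI directory spelling is covered.
    script = unquote(parts.path).lower().rsplit("/", 1)[-1]
    # Decode the query so %-encoded spellings of "setpasswd" still match.
    query = unquote(parts.query).lower()
    keys = [kv.split("=", 1)[0] for kv in re.split(r"[&;]", query)]
    return script == "amadmin.pl" and "setpasswd" in keys

def find_setpasswd_posts(lines):
    """Return (host, time, status) for each line matching the advisory's request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_setpasswd_post(m["method"], m["target"]):
            hits.append((m["host"], m["time"], int(m["status"])))
    return hits

# Constructed sample log lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2001:10:00:00 +0000] "GET /cgibin/amadmin.pl HTTP/1.0" 200 512',
    '198.51.100.7 - - [01/Jan/2001:10:05:12 +0000] "POST /cgibin/amadmin.pl?setpasswd HTTP/1.0" 200 830',
    '198.51.100.7 - - [01/Jan/2001:10:05:40 +0000] "POST /cgibin/amadmin.pl?%73etpasswd HTTP/1.0" 200 830',
    '203.0.113.5 - - [01/Jan/2001:10:09:03 +0000] "POST /cgibin/other.pl?setpasswd HTTP/1.0" 404 210',
]

if __name__ == "__main__":
    for host, when, status in find_setpasswd_posts(SAMPLE_LOG):
        print(f"{when} {host} POST amadmin.pl?setpasswd -> HTTP {status}")
```

Because the request needs no prior authentication, the log alone cannot separate a legitimate administrator from anyone else; each hit has to be compared against the addresses and times at which the administrator is known to have changed the password.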


 

Copyright 2010, SecurityFocus