Multiple Mr. CGI Guy Products Cookie Authentication Bypass Vulnerability

Multiple Mr. CGI Guy products are prone to an authentication-bypass vulnerability because they fail to adequately verify user-supplied input used for cookie-based authentication.

Attackers can exploit this vulnerability to gain unauthorized administrator access to the affected applications, which may aid in further attacks.

The following are vulnerable:

ClickBank Directory 1.0.1
Hot Links SQL 3.20
Hot Links SQL-PHP 3.2.0
Amazon Directory 1.0 and 2.0
Message Box 1.0
The Ticket System 2.0
The Ticket System PHP 2.0
Ultimate Profit Portal 1.0.1
SimpLISTic SQL 2.0.0
Top Sites 1.0.0


 

Privacy Statement
Copyright 2010, SecurityFocus