Pheap CVE-2007-2985 Information Disclosure Vulnerability

Pheap CVE-2007-2985 Information Disclosure Vulnerability

Pheap is prone to a information disclosure vulnerability. Pheap 2.0 allows remote attackers to bypass authentication by setting a pheap_login cookie value to the administrator s username, which can be used to (1) obtain sensitive information, including the administrator password, via settings.php or (2) upload and execute arbitrary PHP code via an update_doc action in edit.php.