RSS   Vulnerabilities for 'Evilsentinel'   RSS

2008-01-17
 
CVE-2008-0351

CWE-287
 

 
admin/config.php in Evilsentinel 1.0.9 and earlier allows remote attackers to bypass the CAPTCHA test by omitting the es_security_captcha parameter and not invoking captcha.php.

 
 
CVE-2008-0350

CWE-264
 

 
admin/index.php in Evilsentinel 1.0.9 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to gain administrative privileges and make arbitrary configuration changes.

 


Copyright 2019, cxsecurity.com

 

Back to Top