mirror of
https://github.com/0xMarcio/cve.git
synced 2026-03-03 04:13:57 +00:00
791 B
791 B
CVE-2007-5913
Description
dirsys/modules/auth.php in JBC Explorer 7.20 RC1 and earlier does not require authentication, which allows remote attackers to (1) delete auth.inc.php via the suppr parameter, and (2) re-create the auth.inc.php file with contents that specify a new account name and password for JBC Explorer via the login and password parameters.
POC
Reference
Github
No PoCs found on GitHub currently.