#76 security hole in admin.php3

closed-fixed
David Norman
8
2000-09-04
2000-08-13
David Norman
No

If a user is logged in, they can go to admin.php3 with no problem and just nothing displays, but if the user knows the source of the admin script, they can add op=somefunction and there is no check in the function to make sure that they have the proper rights to access it.

Discussion

  • David Norman
    David Norman
    2000-08-13

    • priority: 5 --> 8
     
  • David Norman
    David Norman
    2000-09-04

    Fixed in CVS.

     
  • David Norman
    David Norman
    2000-09-04

    • assigned_to: nobody --> deekayen
    • status: open --> closed-fixed