security hole in admin.php3

Status: Abandoned

Brought to you by: deekayen

#76 security hole in admin.php3

Status: closed-fixed

Owner: David Norman

Labels: Administration (33)

Priority: 8

Updated: 2000-09-04

Created: 2000-08-13

Creator: David Norman

Private: No

If a user is logged in, they can go to admin.php3 with no problem and just nothing displays, but if the user knows the source of the admin script, they can add op=somefunction and there is no check in the function to make sure that they have the proper rights to access it.

Discussion

David Norman - 2000-08-13

priority: 5 --> 8
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

David Norman - 2000-09-04

Fixed in CVS.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

David Norman - 2000-09-04

assigned_to: nobody --> deekayen

status: open --> closed-fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

security hole in admin.php3

Group

Searches

Help

#76 security hole in admin.php3

Discussion