CVE-2002-0995
PHPAuction - Unauthenticated Privilege Escalation via Direct login.php Action Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2002-0995. PoCs published by ethx.
AI-analyzed exploit summary This exploit leverages a flaw in PhpAuction's /admin/login.php to create an administrative account by submitting credentials via a POST request. The vulnerability allows privilege escalation by bypassing proper authentication checks.
Description
login.php for PHPAuction allows remote attackers to gain privileges via a direct call to login.php with the action parameter set to "insert," which adds the provided username to the adminUsers table.
Exploits (1)
This exploit leverages a flaw in PhpAuction's /admin/login.php to create an administrative account by submitting credentials via a POST request. The vulnerability allows privilege escalation by bypassing proper authentication checks.