CVE-2004-0261

OpenJournal 2.0-2.0.5 - Auth Bypass


Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-0261. PoCs published by Tri Huynh.

AI-analyzed exploit summary: The exploit describes an authentication bypass vulnerability in OpenJournal due to improper sanitization of URI parameters. Attackers can manipulate the 'uid' parameter to bypass authentication and perform actions like adding users.

Description

oj.cgi in OpenJournal 2.0 through 2.0.5 allows remote attackers to bypass authentication and access the control panel via a 0 in the uid parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Tri Huynh · text · webapps · cgi
https://www.exploit-db.com/exploits/23659

Classification: Writeup 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Theoretical
Target: OpenJournal (version not specified)
No auth needed
Prerequisites: Access to the target OpenJournal instance
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9598
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/3872
Various Sources x_refsource_confirm
http://www.grohol.com/downloads/oj/latest/changelog.txt
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107619136600713&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15069

Scores

EPSS 0.0477
EPSS Percentile 90.8%

Details

Status published
Products (6)
openjournal/openjournal 2.0
openjournal/openjournal 2.0_1
openjournal/openjournal 2.0_2
openjournal/openjournal 2.0_3
openjournal/openjournal 2.0_4
openjournal/openjournal 2.0_5
Published Nov 23, 2004
Tracked Since Feb 18, 2026