Exploitation Summary
EIP tracks 1 public exploit for CVE-2004-0621. PoCs published by GaMeS.
AI-analyzed exploit summary The exploit demonstrates an authentication bypass vulnerability in Newsletter ZWS by manipulating the 'ulevel' parameter in the URI to elevate privileges. The PoC provides a direct URL to exploit the flaw, allowing unauthorized access to the administrative interface.
Description
admin.php in Newsletter ZWS allows remote attackers to gain administrative privileges via a list_user operation with the ulevel parameter set to 1 (administrator level), which lists all users and their passwords.
Exploits (1)
The exploit demonstrates an authentication bypass vulnerability in Newsletter ZWS by manipulating the 'ulevel' parameter in the URI to elevate privileges. The PoC provides a direct URL to exploit the flaw, allowing unauthorized access to the administrative interface.