Description
functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows remote attackers to bypass authentication by requesting account_manage.php with a trailing "/login.php" PHP_SELF value, which is not properly handled by the CHECK_AUTH function.
References (4)
Core References
Third Party Advisory, mailing-list (x_refsource_bugtraq): http://archives.neohapsis.com/archives/bugtraq/2005-07/0522.html
Third Party Advisory, VDB Entry, vdb-entry (x_refsource_osvdb): http://www.osvdb.org/18389
Various Sources (x_refsource_confirm): http://www.jasio.net/index.php?categoryid=3&p13_sectionid=2&p13_fileid=6
Vendor Advisory, third-party-advisory (x_refsource_secunia): http://secunia.com/advisories/16287
Scores
EPSS: 0.0148
EPSS Percentile: 70.7%
Details
CWE: CWE-287
Status: published
Products (1): jasio.net/ragnarok_online_control_panel 4.3.4a
Published: Dec 31, 2005
Tracked Since: Feb 18, 2026