CVE-2005-4861

Ragnarok Online Control Panel <4.3.4a - Auth Bypass

Title source: llm

Description

functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows remote attackers to bypass authentication by requesting account_manage.php with a trailing "/login.php" PHP_SELF value, which is not properly handled by the CHECK_AUTH function.

References (4)

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2005-07/0522.html

[Vendor Advisory] http://secunia.com/advisories/16287

[Various Sources] http://www.jasio.net/index.php?categoryid=3&p13_sectionid=2&p13_fileid=6

[Third Party Advisory, VDB Entry] http://www.osvdb.org/18389

Scores

EPSS 0.0051

EPSS Percentile 66.0%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

jasio.net/ragnarok_online_control_panel

Timeline

Published Dec 31, 2005

Tracked Since Feb 18, 2026