CVE-2005-4861

Ragnarok Online Control Panel <4.3.4a - Auth Bypass

Description

functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows remote attackers to bypass authentication by requesting account_manage.php with a trailing "/login.php" PHP_SELF value, which is not properly handled by the CHECK_AUTH function.

References (4)

Core References
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2005-07/0522.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/18389
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/16287

Scores

EPSS 0.0148
EPSS Percentile 70.7%

Details

CWE CWE-287
Status published
Products (1)
jasio.net/ragnarok_online_control_panel 4.3.4a
Published Dec 31, 2005
Tracked Since Feb 18, 2026