CVE-2007-2822
TutorialCMS <= 1.01 - Authentication Bypass via loggedIn and activated Parameters
Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-2822. PoCs published by Silentz.
AI-analyzed exploit summary: This writeup describes an authentication bypass vulnerability in TutorialCMS <= 1.01. The exploit relies on the variables $loggedIn and $activated being left undefined; when register_globals is enabled, request parameters can set them, allowing unauthorized access to userCP.php and other files.
Description
TutorialCMS 1.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication via the (1) loggedIn and (2) activated parameters to (a) login.php, (b) headerLinks.php, (c) submit1.php, (d) myFav.php, and (e) userCP.php.
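The pattern behind the description above, as an added example that is not TutorialCMS source code: a gate that trusts flags it never initialised, next to a hardened form and a deployment check for the directive. The function names and session keys are hypothetical; only the `loggedIn` and `activated` names come from the advisory, and `extract()` stands in for `register_globals`, which was removed in PHP 5.4.

```php
<?php
// Added illustration, not TutorialCMS source. Function names and session keys
// are hypothetical; loggedIn / activated are the names given in the advisory.

// Vulnerable pattern: the flags are assigned on one path only, so with
// register_globals on, request parameters can supply them on the other path.
function gate_vulnerable(array $request, array $session): bool
{
    extract($request, EXTR_SKIP);        // stand-in for register_globals=On
    if (isset($session['user_id'])) {
        $loggedIn  = true;
        $activated = !empty($session['activated']);
    }
    // No session: $loggedIn / $activated were never initialised here,
    // so whatever the request injected into scope decides the outcome.
    return !empty($loggedIn) && !empty($activated);
}

// Hardened pattern: every flag gets an explicit value derived from
// server-side session state; request data is never consulted.
function gate_hardened(array $request, array $session): bool
{
    $loggedIn  = isset($session['user_id']);
    $activated = $loggedIn && ($session['activated'] ?? false) === true;
    return $loggedIn && $activated;
}

// Deployment check: report whether the legacy directive is active.
// ini_get() returns false when the directive does not exist (PHP >= 5.4).
function register_globals_enabled(): bool
{
    return filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN);
}

// Constructed sample input: a request carrying the two flag names,
// with no authenticated session behind it.
$request = ['loggedIn' => '1', 'activated' => '1'];
$session = [];

var_dump(gate_vulnerable($request, $session));
var_dump(gate_hardened($request, $session));
var_dump(register_globals_enabled());
```

The two gates disagree on the same input, which makes the pair usable as a regression check when auditing legacy PHP for flags that are read before being assigned.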