Description
phpBazar 2.1.1fix and earlier does not require administrative authentication for admin/admin.php, which allows remote attackers to obtain access to the admin control panel via a direct request.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by kurdish hackers team · text · webapps · php
https://www.exploit-db.com/exploits/10233
References (2)
Core References
Exploit x_refsource_misc
http://packetstormsecurity.org/0911-exploits/phpbazar-access.txt
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/37132
Scores
EPSS: 0.0139
EPSS Percentile: 80.4%
Details
CWE: CWE-264
Status: published
Products (4)
smartisoft/phpbazar 2.0.2
smartisoft/phpbazar 2.1.0
smartisoft/phpbazar 2.1.1fix
smartisoft/phpbazar < 2.1.1
Published: Dec 07, 2009
Tracked Since: Feb 18, 2026