Family: CGI abuses --> Category: attack
phpauction Admin Authentication Bypass Vulnerability Scan
Vulnerability Scan Summary
Attempts to bypass phpauction administrative authentication
Detailed Explanation for this Vulnerability Test
The remote host is running phpauction version 2.0 or earlier (or a modified
There is a flaw in the handling of cookie-based authentication credentials which
may allow an attacker to gain unauthorized administrative access to the
See also: http://pentest.tele-consulting.com/advisories/04_12_21_phpauction.txt
Solution: Upgrade to a version later than 2.0 of this software and/or restrict access
rights to the administrative directory using .htaccess.
Threat Level: High