Description
login.php in ACal Calendar Project 2.2.5 allows remote attackers to bypass authentication by setting the ACalAuthenticate cookie variable to "inside".
Affected products
- acal / calendar_project2.2.5 – 2.2.5
References
- MISChttp://securityreason.com/securityalert/343
- MISChttp://evuln.com/vulns/25/summary.html
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2006/0152
- VENDOR_ADVISORYhttp://secunia.com/advisories/18432
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/24104
- MISChttp://www.securityfocus.com/archive/1/421744/100/0/threaded
- MISChttp://www.osvdb.org/22344