Severity
Medium
Analysis Summary
Multiple PHP Factory products could allow a remote attacker to bypass security restrictions. By sending a specially-crafted request, an attacker could exploit this vulnerability to log in to the product with administrative privileges.
Impact
Security bypass
Affected Vendors
PHP
Affected Products
- PHP Factory Calendar01 1.0.0
- PHP Factory Calendar02 1.0.0
- PHP Factory PKOBO-News01 1.0.3
- PHP Factory PKOBO-Vote01 1.0.1
- HP Factory Telop01 1.0.0
- PHP Factory Gallery01 1.0.3
- PHP Factory CalendarForm01 1.0.3
- PHP Factory Link01 1.0.0
Remediation
Refer to the PHP Factory Web site for patch, upgrade or suggested workaround information.