eXtplorer "ext_find_user()" Authentication Bypass Vulnerability

SECUNIA ADVISORY ID:
SA51636

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51636/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51636

RELEASE DATE:
2012-12-27

DESCRIPTION:
A vulnerability has been reported in eXtplorer, which can be
exploited by malicious people to bypass certain security
restrictions.

An error within the "ext_find_user()" function in users.php can be
exploited to bypass the authentication mechanism and log in as an
arbitrary user.

The vulnerability is reported in versions 2.1.2, 2.1.1, and 2.1.0.
Other versions may also be affected.

SOLUTION:
Update to version 2.1.3.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Brendan Coles, itsecuritysolutions.org.

ORIGINAL ADVISORY:
http://extplorer.net/news/12
