Abuse Melding

Je hebt een klacht over de onderstaande posting:

29-05-2014, 11:37 door [Account Verwijderd]

https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3445/ Details: The default setup allows an unauthenticated user to access administrative functions such as backing up of key files within the CMS. This is done by appending the following to a domain using the software affected: /backup.php?a=2&k=6f15afa1ac4edea0g145e884116334b7 Where “a” is the file number to back up and “k” is the MD5key used to authenticate the administrator, however if “k” does not match the correct key rather than disallowing the unauthenticated user to back up the file the service will provide the user with the correct key. For example: Failure, wrong key. The right key is 5f17aca1ae2edea0f145e884116371a5

Beschrijf je klacht (Optioneel):

captcha