Webmasters-Debutants WD Guestbook 2.8 allows remote attackers to bypass authentication and perform certain administrator actions via a direct HTTP POST request to (1) ajout_admin2.php or (2) suppr.php.
Software | From | Fixed in |
---|---|---|
webmasters-debutants / wd_guestbook | 2.8 | 2.8.x |