Description

The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote attackers to access files in the "admin/" directory by modifying the in_login parameter to a non-zero value.

Remediation

References

CVE-2004-2638

Related Vulnerabilities

WordPress Plugin FL3R FeelBox Multiple Vulnerabilities (8.1)

Ampache Improper Authentication Vulnerability (CVE-2007-4438)

WordPress Plugin Quick Page/Post Redirect Open Redirect (5.1.5)

WordPress Plugin Bloom eMail Opt-In Security Bypass (1.1)

IBM WebSEAL Improper Restriction of XML External Entity Reference Vulnerability (CVE-2019-4707)

Severity

High

Classification

CVE-2004-2638

Tags

Missing Update Known Vulnerabilities