VULHUB ™

Digi-news and Digi-ads version 1.1 allow administrative access without a remote attacker having knowledge of the account password by keeping necessary credentials client-side in a cookie. Essentially, as long as an attacker has a valid administrative login name, they can use their own password to authenticate.

Digi-news and Digi-ads version 1.1 allow administrative access without a remote attacker having knowledge of the account password by keeping necessary credentials client-side in a cookie. Essentially, as long as an attacker has a valid administrative login name, they can use their own password to authenticate.