VULHUB ™

phpRank does not provide sufficient error checking with regards to functions which access the underlying MySQL database. As a result, when the database is inaccessible or temporarily unavailable it is possible for remote attackers to authenticate as any user to phpRank using a null password. This problem occurs because the vulnerable script still attempts to authenticate the user even though authentication data cannot be fetched from the database.

phpRank does not provide sufficient error checking with regards to functions which access the underlying MySQL database. As a result, when the database is inaccessible or temporarily unavailable it is possible for remote attackers to authenticate as any user to phpRank using a null password. This problem occurs because the vulnerable script still attempts to authenticate the user even though authentication data cannot be fetched from the database.