CVE-2014-3772

TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a direct request to a file that calls the session_start function before checking the CPM key, as demonstrated by a request to sources/upload/upload.files.php.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:teampass:teampass:*:beta:*:*:*:*:*:*
cpe:2.3:a:teampass:teampass:2.1.18:*:*:*:*:*:*:*
cpe:2.3:a:teampass:teampass:2.1:*:*:*:*:*:*:*
cpe:2.3:a:teampass:teampass:2.1.5:*:*:*:*:*:*:*
cpe:2.3:a:teampass:teampass:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:teampass:teampass:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:teampass:teampass:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:teampass:teampass:2.1.15:*:*:*:*:*:*:*
cpe:2.3:a:teampass:teampass:2.1.14:*:*:*:*:*:*:*
cpe:2.3:a:teampass:teampass:2.1.13:*:*:*:*:*:*:*
cpe:2.3:a:teampass:teampass:2.1.10:*:*:*:*:*:*:*
cpe:2.3:a:teampass:teampass:2.1.19:*:*:*:*:*:*:*
cpe:2.3:a:teampass:teampass:2.1.1:*:*:*:*:*:*:*

Information

Published : 2014-08-07 04:13

Updated : 2014-08-07 07:03


NVD link : CVE-2014-3772

Mitre link : CVE-2014-3772


JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa

Products Affected

teampass

  • teampass