CVE-2007-2822 Information

Description

TutorialCMS 1.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication via the (1) loggedIn and (2) activated parameters to (a) login.php, (b) headerLinks.php, (c) submit1.php, (d) myFav.php, and (e) userCP.php.

Reference

http://osvdb.org/36520
http://secunia.com/advisories/25358
http://www.vupen.com/english/advisories/2007/1903
http://www.wavelinkmedia.com/scripts/tutorialcms/
https://exchange.xforce.ibmcloud.com/vulnerabilities/34401
https://www.exploit-db.com/exploits/3963
