CVE-2008-5708 Information

Description

redirect.php in SlimCMS 1.0.0 does not require authentication which allows remote attackers to create administrative users by using the newusername and newpassword parameters and setting the newisadmin parameter to 1.

Reference

http://securityreason.com/securityalert/4804 http://www.securityfocus.com/bid/31736 https://exchange.xforce.ibmcloud.com/vulnerabilities/45824 https://www.exploit-db.com/exploits/6729