CVE-2009-3421 Information

Description

login.php in Zenas PaoBacheca Guestbook 2.1 when register_globals is enabled allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.

Reference

http://secunia.com/advisories/36023 http://www.exploit-db.com/exploits/9293 http://www.osvdb.org/56757 https://exchange.xforce.ibmcloud.com/vulnerabilities/52100