PHP Scripts Mall Advance Peer to Peer MLM Script Version 1.7.0 - Improper Access Control
CVE-ID :- CVE-2019-6126
Product :- Advance Peer to Peer MLM Script Version:- 1.7.0 Vendor:- PHP Scripts Mall Vendor URL:- https://www.phpscriptsmall.com/product/advance-peer-peer-mlm-script/
Proof of Concept:-
Admin Demo:- http://74.124.215.220/~clienemo/nila/advanced-peertopeer-mlm/admin/
Bypass login Page by visiting http://74.124.215.220/~clienemo/nila/advanced-peertopeer-mlm/admin/dashboard.php
This lead to information disclosure of users and staff User- http://74.124.215.220/~clienemo/nila/advanced-peertopeer-mlm/admin/user.php