Permalink
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
22 lines (13 sloc) 670 Bytes

PHP Scripts Mall Advance Peer to Peer MLM Script Version 1.7.0 - Improper Access Control

CVE-ID :- CVE-2019-6126

Product :- Advance Peer to Peer MLM Script Version:- 1.7.0 Vendor:- PHP Scripts Mall Vendor URL:- https://www.phpscriptsmall.com/product/advance-peer-peer-mlm-script/

Proof of Concept:-

Admin Demo:- http://74.124.215.220/~clienemo/nila/advanced-peertopeer-mlm/admin/

Bypass login Page by visiting http://74.124.215.220/~clienemo/nila/advanced-peertopeer-mlm/admin/dashboard.php

This lead to information disclosure of users and staff User- http://74.124.215.220/~clienemo/nila/advanced-peertopeer-mlm/admin/user.php