The authentication system is malformed and an attacker is able to foreign request and executes admin commands
The problem is fixed in 1.7.6.6
Enable PS_COOKIE_CHECKIP configuration but it's maybe not enough.
PS_COOKIE_CHECKIP
Improper Authentication - Generic (CWE-287)
Thanks to @komradz86 (his twitter and facebook)
Impact
The authentication system is malformed and an attacker is able to foreign request and executes admin commands
Patches
The problem is fixed in 1.7.6.6
Workarounds
Enable
PS_COOKIE_CHECKIPconfiguration but it's maybe not enough.References
Improper Authentication - Generic (CWE-287)
Thanks to @komradz86 (his twitter and facebook)