TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a direct request to a file that calls the session_start function before checking the CPM key, as demonstrated by a request to sources/upload/upload.files.php.
AV:N/AC:L/Au:N/C:P/I:P/A:P
07/08/2014
by Teampass
9 months ago