VDG Security SENSE (formerly DIVA) before 2.3.15 allows remote attackers to bypass authentication, and consequently read and modify arbitrary plugin settings, via an encoded : (colon) character in the Authorization HTTP header.
AV:N/AC:L/Au:N/C:P/I:P/A:N
08/01/2015
by Vdgsecurity
9 years ago