JiRo's Banner System Experience and Professional 1.0 and earlier allows remote attackers to bypass access restrictions and gain privileges via a direct request to certain scripts in the files directory, as demonstrated by using addadmin.asp to create a new administrator account.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| jiro | banner_system | 1.0_experience |
| jiro | banner_system | 1.0_professional |