Yamamah Database Download Authorisation Security Issue

Secunia Advisory SA49298

Description

A security issue has been discovered in Yamamah, which can be exploited by malicious users to bypass certain security restrictions.

The security issue is caused due to the application allowing database download requests via cp/export.php without checking authorisation. This can be exploited to download the database contents and disclose sensitive information.

The security issue is confirmed in version 1.1.0. Other versions may also be affected.

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Yamamah Database Download Authorisation Security Issue

User Message [+] tgthyu RE: Yamamah Database Download Authorisation Security Issue This reply has been deleted User Message [-] tgthyu RE: Yamamah Database Download Authorisation Security Issue 30th May, 2012 06:00 Score: -4012 Posts: 126 User Since: 30th May 2012 System Score: N/A Location: DZ Last edited on 30th May, 2012 06:00 Post deleted. Was this reply relevant? +0 -100 tgthyu RE: Yamamah Database Download Authorisation Security Issue [+] This reply has been deleted tgthyu RE: Yamamah Database Download Authorisation Security Issue [-] 30th May, 2012 07:35 Score: -4012 Posts: 126 User Since: 30th May 2012 System Score: N/A Location: DZ Last edited on 30th May, 2012 07:35 Post deleted. Was this reply relevant? +0 -0 tgthyu RE: Yamamah Database Download Authorisation Security Issue [+] This reply has been deleted tgthyu RE: Yamamah Database Download Authorisation Security Issue [-] 30th May, 2012 07:40 Score: -4012 Posts: 126 User Since: 30th May 2012 System Score: N/A Location: DZ Last edited on 30th May, 2012 07:40 Post deleted. Was this reply relevant? +0 -0 tgthyu RE: Yamamah Database Download Authorisation Security Issue [+] This reply has been deleted tgthyu RE: Yamamah Database Download Authorisation Security Issue [-] 30th May, 2012 07:43 Score: -4012 Posts: 126 User Since: 30th May 2012 System Score: N/A Location: DZ Last edited on 30th May, 2012 07:43 Post deleted. Was this reply relevant? +0 -0 tgthyu RE: Yamamah Database Download Authorisation Security Issue [+] This reply has been deleted tgthyu RE: Yamamah Database Download Authorisation Security Issue [-] 30th May, 2012 07:50 Score: -4012 Posts: 126 User Since: 30th May 2012 System Score: N/A Location: DZ Last edited on 30th May, 2012 07:50 Post deleted. Was this reply relevant? +0 -0 tgthyu RE: Yamamah Database Download Authorisation Security Issue [+] This reply has been deleted tgthyu RE: Yamamah Database Download Authorisation Security Issue [-] 30th May, 2012 07:52 Score: -4012 Posts: 126 User Since: 30th May 2012 System Score: N/A Location: DZ Last edited on 30th May, 2012 07:52 Post deleted. Was this reply relevant? +0 -0 tgthyu RE: Yamamah Database Download Authorisation Security Issue [+] This reply has been deleted tgthyu RE: Yamamah Database Download Authorisation Security Issue [-] 30th May, 2012 07:55 Score: -4012 Posts: 126 User Since: 30th May 2012 System Score: N/A Location: DZ Last edited on 30th May, 2012 07:55 Post deleted. Was this reply relevant? +0 -0 tgthyu RE: Yamamah Database Download Authorisation Security Issue [+] This reply has been deleted tgthyu RE: Yamamah Database Download Authorisation Security Issue [-] 30th May, 2012 07:56 Score: -4012 Posts: 126 User Since: 30th May 2012 System Score: N/A Location: DZ Last edited on 30th May, 2012 07:56 Post deleted. Was this reply relevant? +0 -0 tgthyu RE: Yamamah Database Download Authorisation Security Issue [+] This reply has been deleted tgthyu RE: Yamamah Database Download Authorisation Security Issue [-] 30th May, 2012 07:57 Score: -4012 Posts: 126 User Since: 30th May 2012 System Score: N/A Location: DZ Last edited on 30th May, 2012 07:57 Post deleted. Was this reply relevant? +0 -0 tgthyu RE: Yamamah Database Download Authorisation Security Issue [+] This reply has been deleted tgthyu RE: Yamamah Database Download Authorisation Security Issue [-] 30th May, 2012 07:58 Score: -4012 Posts: 126 User Since: 30th May 2012 System Score: N/A Location: DZ Last edited on 30th May, 2012 07:58 Post deleted. Was this reply relevant? +0 -0

You must be logged in to post a comment.