December 28 2012 - 6:00am
eXtplorer "ext_find_user()" Authentication Bypass Vulnerability
A vulnerability has been reported in eXtplorer, which can be exploited by malicious people to bypass certain security restrictions.
eXtplorer was notified of a problem within the authentication system of eXtplorer Versions 2.1.2, 2.1.1, 2.1.0 and 2.1.0RC5 that have been found to be vulnerable to an authentication bypass bug.
An error within the "ext_find_user()" function in users.php can be exploited to bypass the authentication mechanism and login as an arbitrary user.