JAKCMS PRO <= 2.2.5 Session Variable Overloading Vulnerability

Description:

JAKCMS PRO versions up to and including 2.2.5 contain a flaw in the js/editor/plugins/jakadminexplorer/php/session.php script, which does not properly verify a session variable. This can be exploited to bypass the authentication mechanism and gain access to certain administrative functions.

Disclosure Date:

September 22, 2011