Belchior Foundry VCard 2.8 - Authentication Bypass

Author: saudi linux
type: webapps
platform: php
port: 
date_added: 2004-03-17 
date_updated: 2013-01-03 
verified: 1 
codes: CVE-2004-1828;OSVDB-18721 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/9910/info

It has been reported that vCard is prone to a remote authentication bypass vulnerability. This issue is due to a design error that would allow a malicious user access to certain admin functionality without having to first authenticate to the application.

This issue may be leveraged to manipulate the application database, potentially destroying data.

http://www.example.com/vcard/admin/uninstall.php
http://www.example.com/vcard/admin/uninstall.php?step=2