Next up is Million Dollar Text Links which is a link exchange application. No authentication checks on the admin home page allows anyone to just browse to the admin contol panel and bypass the login procedure. This will allow full access to the admin panel.

Proof of Concept:

http://sitename[applicationpath]/admin.home.php

Vendor was contacted twice over a 30 day period and didn’t not respond to any of the emails.

The full advisory can be found Here.