Description - Authentication Bypass and PHP Insertion in ACal
PHP Code Execution found in ACal script.
Vulnerabe script: login.php
To authorize any user forum scripts checks only one cookie variable: ACalAuthenticate
Forum dont make password comparison.
Registered users can modify header.php and footer.php files. System access is possible.
Order Source Code Review
Protect against attacks by source code audit of your website done by eVuln team.The work will be done by specialists in web application security.