There is an unused file found in admin/functions/login.php. Within this file, however, is an SQL injection that can be used to bypass authentication and login as any admin user.
To see this working, create the following HTML file, replace the URL with your installation and hit the "Login" button, and you will be authenticated as the first admin user in the database:
There is an unused file found in
admin/functions/login.php. Within this file, however, is an SQL injection that can be used to bypass authentication and login as any admin user.To see this working, create the following HTML file, replace the URL with your installation and hit the "Login" button, and you will be authenticated as the first admin user in the database:
This pull request removes this file due to it no longer being in use and posing a security risk.