CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the id_hash cookie, which allows remote attackers to bypass authentication and gain privileges by calculating the MD5 checksum of the user name combined with the "boogaadeeboo" string, which is hard-coded in the $hidden_hash variable.

CitrusDB 0.3.6 及以上版本为 id_hash cookie 生成可预测的 user name 的 MD5哈希，这允许远程攻击者绕过身份验证并获取权限，通过计算 user name 与 "boogaadeeboo" 字符串的 MD5 校验和来计算哈希值。$hidden_hash 变量hard-coded in the PHP script已经固定了哈希值，因此攻击者无法通过修改 PHP 脚本来改变哈希值。

NVD 暂无评分

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD 暂无漏洞类别信息

神龙GPT 暂无漏洞类别信息（请耐心等待）