Tweek!DM Document Management Authentication bypass, SQL injection

Posted by Patrick Webster via Fulldisclosure on Apr 04

https://www.osisecurity.com.au/tweekdm-document-management-authentication-bypass-sql-injection-vulnerabilities.html

Date:
04-Apr-2017

Product:
Tweek!DM Document Management

Versions affected:
Unknown

Vulnerabilities:
1) Authentication bypass – the software sends a 301 Location redirect
back to the login page if an unauthenticated user requests an
authenticated administration page. However, on the PHP side the script
does not call exit(0); therefore…
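
The missing exit after the redirect is something a source review can look for. The following is an added example, not code from the advisory or from Tweek!DM: a heuristic Python scan that flags PHP Location redirects not directly followed by exit, die or return. The two PHP samples, the login.php name and render_admin_page() are constructed for illustration.

```python
import re

# header('Location: ...') / header("Location: ...") calls in PHP source.
REDIRECT = re.compile(r"""header\s*\(\s*['"]\s*Location\s*:""", re.IGNORECASE)
# Whitespace and PHP comments that may sit between the redirect and the next statement.
SKIP = re.compile(r"(?:\s+|//[^\n]*|#[^\n]*|/\*.*?\*/)*", re.DOTALL)
# Statements that stop the script, or leave the current function, after the redirect.
TERMINATOR = re.compile(r"(?:exit|die|return)\b", re.IGNORECASE)


def find_unterminated_redirects(php_source):
    """Return 1-based line numbers of Location redirects not followed by exit/die/return."""
    findings = []
    for m in REDIRECT.finditer(php_source):
        end = php_source.find(");", m.end())  # end of the header(...) statement
        if end != -1:
            pos = SKIP.match(php_source, end + 2).end()
            if TERMINATOR.match(php_source, pos):
                continue  # script stops here, nothing below runs
        findings.append(php_source.count("\n", 0, m.start()) + 1)
    return findings


# Constructed sample: the redirect is sent, but the protected page is still rendered.
VULNERABLE_PHP = """<?php
session_start();
if (empty($_SESSION['user'])) {
    header('Location: login.php', true, 301);
}
echo render_admin_page(); // hypothetical function, still runs for everyone
"""

# Constructed sample: the same guard with the script terminated after the redirect.
FIXED_PHP = """<?php
session_start();
if (empty($_SESSION['user'])) {
    header('Location: login.php', true, 301);
    exit; // nothing below runs for unauthenticated clients
}
echo render_admin_page();
"""

if __name__ == "__main__":
    print("vulnerable:", find_unterminated_redirects(VULNERABLE_PHP))
    print("fixed:", find_unterminated_redirects(FIXED_PHP))
```

The scan is text-based, so a hit is a prompt for manual review rather than proof: a redirect wrapped in a helper function, or one whose argument contains ");", needs a closer look.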
