2007-03-22 23:00:00
mitre
PUBLISHED
admin/contest.php in Weekly Drawing Contest 0.0.1 allows remote attackers to bypass authentication, and insert new contest information into a database, via a direct POST request.