[Original text] functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows remote attackers to bypass authentication by requesting account_manage.php with a trailing "/login.php" PHP_SELF value, which is not properly handled by the CHECK_AUTH function.
Ragnarok Online Control Panel Apache Authentication Bypass
Remote / Network Access
Loss of Confidentiality
Ragnarok Online Control Panel contains a flaw in the authentication process that may allow a malicious user to bypass certain security restrictions. The issue is triggered by creating a specially crafted URL with an appended non-restricted page. This flaw may lead to a loss of confidentiality.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
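The flaw class described above, shown as an added example (not ROCP's code, and not a reconstruction of its CHECK_AUTH function): in PHP, `PHP_SELF` includes any path the client appends after the script name, while `SCRIPT_NAME` does not. The allowlist, the function names and the `$_SERVER` samples are assumptions constructed for illustration.

```php
<?php
// Hypothetical allowlist of pages reachable without a session (assumption).
const PUBLIC_PAGES = ['login.php', 'index.php'];

// Weak pattern: decides from PHP_SELF, which contains client-supplied PATH_INFO.
function is_public_weak(array $server): bool
{
    return in_array(basename($server['PHP_SELF']), PUBLIC_PAGES, true);
}

// Hardened pattern: identify the executing script from SCRIPT_NAME and
// refuse any request that carries trailing path information.
function is_public_hardened(array $server): bool
{
    if (($server['PATH_INFO'] ?? '') !== '') {
        return false;
    }
    return in_array(basename($server['SCRIPT_NAME']), PUBLIC_PAGES, true);
}

// Constructed $_SERVER samples, as Apache would populate them.
$samples = [
    'login page' => [
        'PHP_SELF'    => '/login.php',
        'SCRIPT_NAME' => '/login.php',
    ],
    'protected page' => [
        'PHP_SELF'    => '/account_manage.php',
        'SCRIPT_NAME' => '/account_manage.php',
    ],
    'protected page, trailing path' => [
        'PHP_SELF'    => '/account_manage.php/login.php',
        'SCRIPT_NAME' => '/account_manage.php',
        'PATH_INFO'   => '/login.php',
    ],
];

foreach ($samples as $label => $server) {
    printf(
        "%-32s weak=%-5s hardened=%s\n",
        $label,
        var_export(is_public_weak($server), true),
        var_export(is_public_hardened($server), true)
    );
}
```

Only the third sample separates the two checks: the weak one treats the protected script as public, and the hardened one does not.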