Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers to bypass the authentication process and gain unauthorized access to the administrative section by setting the action parameter to edit_member and the value parameter to 1.
phpBazar contains a flaw that may allow a malicious user to bypass authentication and gain unauthorized privileges. The issue is triggered when an attacker sends a specially crafted request to the admin.php script. The flaw is likely due to the 'value' variable and may lead to a loss of integrity.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
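
With no patch available, one practical check is to search web server access logs for the request described above. The following is an added example, not code from phpBazar or from this advisory: it flags requests to Admin/admin.php that carry action=edit_member and value=1. It assumes the parameters arrive in the query string (POST bodies do not appear in access logs) and that the log is in Combined Log Format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Combined Log Format prefix: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def matches_advisory(target):
    """True when the target is Admin/admin.php with action=edit_member and value=1."""
    parts = urlsplit(target)
    # The install prefix is unknown, so compare only the trailing path,
    # case-insensitively and after percent-decoding.
    if not unquote(parts.path).lower().endswith("/admin/admin.php"):
        return False
    params = parse_qs(parts.query, keep_blank_values=True)  # decodes %xx and '+'
    return "edit_member" in params.get("action", []) and "1" in params.get("value", [])

def find_hits(lines):
    """Return (ip, timestamp, status) for each log line matching the advisory."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and matches_advisory(m.group("target")):
            hits.append((m.group("ip"), m.group("ts"), m.group("status")))
    return hits

# Constructed sample log lines (documentation address ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2024:13:55:36 +0000] "GET /bazar/Admin/admin.php?action=edit_member&value=1 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [10/Oct/2024:13:56:02 +0000] "GET /bazar/admin/admin.php?value=1&action=edit%5Fmember HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Oct/2024:13:57:40 +0000] "GET /bazar/Admin/admin.php?action=edit_member&value=12 HTTP/1.1" 302 0',
    '198.51.100.8 - - [10/Oct/2024:13:58:11 +0000] "GET /bazar/classified.php?action=edit_member&value=1 HTTP/1.1" 200 812',
    'truncated or malformed line',
]

if __name__ == "__main__":
    for ip, ts, status in find_hits(SAMPLE_LOG):
        print(f"{ts} {ip} status={status} matches the admin.php pattern")
```

A match only shows that the request was made; the response status and whether the client is a known administrator decide whether it needs investigating.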