Vulnerability CVE-2008-7024


Published: 2009-08-21   Modified: 2012-02-13

Description:
admin.php in Arz Development The Gemini Portal 4.7 and earlier allows remote attackers to bypass authentication and gain administrator privileges by setting the user cookie to "admin" and setting the name parameter to "users."

See advisories in our WLB2 database:
Topic: The Gemini Portal <= 4.7 / Insecure Cookie Handling Vulnerability (Med.)
Author: Pepelux
Date: 27.09.2008

Type: CWE-264 (Permissions, Privileges, and Access Controls)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial
Affected software
Arzdev -> Gemini lite 
Arzdev -> Gemini portal 

 References:
http://www.securityfocus.com/archive/1/496761/100/0/threaded
http://www.securityfocus.com/bid/31429
https://exchange.xforce.ibmcloud.com/vulnerabilities/45439
https://www.exploit-db.com/exploits/6584

Copyright 2022, cxsecurity.com

 
