Lumension® Endpoint Intelligence Center



Vulnerability Score: 7.5
CVE Id: CVE-2008-6523
Last Modified: 26 Mar 2009 12:00:00
Published: 25 Mar 2009 02:30:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE



auth.php in openInvoice 0.90 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the oiauth cookie. NOTE: this can be leveraged with a separate vulnerability in resetpass.php to modify passwords for arbitrary users.

Vulnerable Systems


  • Cale Dunlap Openinvoice 0.90


XF - openinvoice-cookie-security-bypass(41947)

BID - 28854

MILW0RM - 5466

Last Updated: 27 May 2016 10:49:14