Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8
CVE Id CVE-2008-7024
Last Modified 24 Aug 2009 12:00:00
Published 21 Aug 2009 10:30:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-7024

Summary

admin.php in Arz Development The Gemini Portal 4.7 and earlier allows remote attackers to bypass authentication and gain administrator privileges by setting the user cookie to "admin" and setting the name parameter to "users".

Vulnerable Systems

Application

  • Arzdev Gemini Lite 3.5

  • Arzdev Gemini Lite 3.6

  • Arzdev Gemini Portal 4.7


References

XF - geminiportal-admin-security-bypass(45439)

BID - 31429

BUGTRAQ - 20080926 The Gemini Portal <= 4.7 / Insecure Cookie Handling Vulnerability

MILW0RM - 6584

SECUNIA - 32057

OSVDB - 48639


Last Updated: 27 May 2016 10:49:26