Lumension® Endpoint Intelligence Center



Vulnerability Score 7.5
CVE Id CVE-2009-0412
Last Modified 04 Feb 2009 12:00:00
Published 03 Feb 2009 03:30:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



The ProcessLogin function in class.auth.php in Interspire Shopping Cart (ISC) 4.0.1 Ultimate edition allows remote attackers to bypass authentication and obtain administrative access by reusing the RememberToken cookie after a failed admin login attempt.

Vulnerable Systems


  • Interspire Shopping Cart 4.0.1


XF - interspire-classauth-security-bypass(47899)

SECTRACK - 1021557

BID - 33212

BUGTRAQ - 20090112 [BMSA-2009-01] Authentication bypass in Interspire Shopping Cart v4.0.1 and below

Last Updated: 27 May 2016 10:50:14