Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE ID: CVE-2009-0412
Last Modified: 04 Feb 2009 12:00:00
Published: 03 Feb 2009 03:30:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2009-0412

Summary

The ProcessLogin function in class.auth.php in Interspire Shopping Cart (ISC) 4.0.1 Ultimate edition allows remote attackers to bypass authentication and obtain administrative access by reusing the RememberToken cookie after a failed admin login attempt.

Vulnerable Systems

Application

  • Interspire Shopping Cart 4.0.1


References

XF - interspire-classauth-security-bypass(47899)

SECTRACK - 1021557

BID - 33212

BUGTRAQ - 20090112 [BMSA-2009-01] Authentication bypass in Interspire Shopping Cart v4.0.1 and below


Last Updated: 27 May 2016 10:50:14