CVE-2008-4622

Name of the Vulnerable Software and Affected Versions phpFastNews version 1.0.0

Description The issue allows remote attackers to bypass authentication and gain administrative access. This is achieved by setting the fn-loggedin cookie to 1, exploiting the isLoggedIn function in fastnews-code.php.

Recommendations For phpFastNews version 1.0.0, as a temporary workaround, consider modifying the isLoggedIn function to properly validate the fn-loggedin cookie. Restrict access to administrative features until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.