CVE-2008-6523

Name of the Vulnerable Software and Affected Versions openInvoice versions 0.90 beta and earlier

Description The issue allows remote attackers to bypass authentication and gain privileges by setting the oiauth cookie. This can be combined with a separate vulnerability in resetpass.php to modify passwords for arbitrary users.

Recommendations For openInvoice versions 0.90 beta and earlier, consider disabling the authentication mechanism that uses the oiauth cookie until a patch is available. Restrict access to the resetpass.php file to minimize the risk of exploitation. Avoid using the oiauth cookie for authentication purposes until the issue is resolved.