CVE-2009-1283

Name of the Vulnerable Software and Affected Versions glFusion versions prior to 1.1.3

Description The issue allows remote attackers to gain privileges by obtaining a user-provided password hash and using it in the glf password cookie. This can be exploited in conjunction with a separate SQL injection vulnerability to steal hashes.

Recommendations For versions prior to 1.1.3, update to version 1.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the glf password cookie to minimize the risk of exploitation.