CVE-2009-2770

Name of the Vulnerable Software and Affected Versions PowerUpload version 2.4

Description The issue allows remote attackers to bypass authentication and gain administrative access. This is achieved by using a MIME encoded value of 'admin' for the myadminname cookie.

Recommendations For PowerUpload version 2.4, as a temporary workaround, consider restricting access to administrative functions until a patch is available. Avoid using the myadminname cookie with a MIME encoded 'admin' value in the affected system until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.