CVE-2009-4546

Name of the Vulnerable Software and Affected Versions Logoshows BBS version 2.0

Description The issue allows remote attackers to bypass authentication and gain administrative access. This is achieved by setting the pb username (also known as pb%5Fusername) and level cookies.

Recommendations For Logoshows BBS version 2.0, as a temporary workaround, consider restricting access to the globepersonnel login.asp page until a patch is available. Avoid using the pb username and level cookies in the affected login process until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.