PT-2010-1730 · Wb · Wb News
The G0Bl!N
·
Publicado
2010-07-09
·
Atualizado
2017-09-19
·
CVE-2009-4927
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
WB News version 2.1.2
Description
The issue allows remote attackers to bypass authentication and gain administrative access by modifying the
WBNEWS cookie. This can be achieved by setting the WBNEWS cookie to 1.Recommendations
For WB News version 2.1.2, consider restricting access to administrative functions until a patch is available. As a temporary workaround, avoid using the modified
WBNEWS cookie to prevent unauthorized access.Exploit
Correção
Improper Authentication
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Wb News