PT-2009-1743 · Joovili · Joovili

Zorlu · Published 2009-02-25 · Updated 2017-09-29 · CVE-2008-6269

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Joovili version 3.1.4
Description: The issue allows remote attackers to bypass authentication and gain the privileges of other users, including the administrator. The application determines who a request comes from, and with what role, from client-supplied cookie values alone, so an attacker can obtain a given privilege level simply by setting the corresponding cookies: the session id, session logged in, and session username cookies for user privileges; the session admin id, session admin username, and session admin cookies for administrator privileges; and the session staff id, session staff username, and session staff cookies for staff privileges.
Recommendations: For Joovili version 3.1.4, as a temporary workaround, consider restricting access to sensitive areas of the application until a patch is available. Additionally, do not rely on these client-supplied cookie values to establish a user's identity or role until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
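The following is an added illustration of the weakness class described above and of the usual fix; it is example code written for this page, not Joovili's own code, and the cookie names (session_admin, session_staff, session_logged_in, and so on) and the in-memory session store are constructed assumptions. The vulnerable function derives the caller's role from whatever the client sends in its cookies; the hardened function gives the client only an opaque, HMAC-signed session token and reads identity and role from a server-side record, so forged or edited cookies yield no privilege.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Constructed demo secret and server-side session store (assumptions for this
# example; a real deployment keeps the secret out of source and rotates it).
SERVER_SECRET = b"constructed-demo-secret-not-for-production"
SESSION_STORE: Dict[str, Dict[str, str]] = {}


def vulnerable_role_from_cookies(cookies: Dict[str, str]) -> str:
    """Weak pattern: the role is decided by client-controlled cookie values.

    Anyone who can set cookies in their own browser can claim any role here;
    nothing ties the values to a login the server actually performed.
    """
    if cookies.get("session_admin") == "1" and cookies.get("session_admin_id"):
        return "admin"
    if cookies.get("session_staff") == "1" and cookies.get("session_staff_id"):
        return "staff"
    if cookies.get("session_logged_in") == "1" and cookies.get("session_id"):
        return "user"
    return "anonymous"


def _sign(session_id: str) -> str:
    """Append an HMAC-SHA256 tag so a forged or edited token is rejected early."""
    tag = hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()
    return f"{session_id}.{tag}"


def _verify(token: str) -> Optional[str]:
    """Return the session id if the token's tag is valid, else None."""
    session_id, _, tag = token.rpartition(".")
    if not session_id or not tag:
        return None
    expected = hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison on bytes; avoids timing leaks and non-ASCII errors.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return session_id


def login(username: str, role: str) -> str:
    """Called only after the password check (omitted here) succeeds.

    Creates a server-side session record and returns the single opaque token
    the client will hold; the role never leaves the server.
    """
    session_id = secrets.token_urlsafe(32)  # 256 bits of randomness, unguessable
    SESSION_STORE[session_id] = {"username": username, "role": role}
    return _sign(session_id)


def hardened_role_from_cookies(cookies: Dict[str, str]) -> str:
    """Hardened pattern: identity and role come from the server-side record."""
    token = cookies.get("session")
    if not token:
        return "anonymous"
    session_id = _verify(token)
    if session_id is None:
        return "anonymous"
    record = SESSION_STORE.get(session_id)
    if record is None:
        return "anonymous"  # unknown or expired session
    return record["role"]


def logout(cookies: Dict[str, str]) -> None:
    """Invalidate the server-side record so the token is useless afterwards."""
    token = cookies.get("session", "")
    session_id = _verify(token)
    if session_id is not None:
        SESSION_STORE.pop(session_id, None)


if __name__ == "__main__":
    # Constructed request: a client that simply claims to be the administrator.
    forged = {"session_admin": "1", "session_admin_id": "1", "session_admin_username": "admin"}
    print("vulnerable handler sees:", vulnerable_role_from_cookies(forged))  # admin
    print("hardened handler sees:  ", hardened_role_from_cookies(forged))    # anonymous
    token = login("alice", "user")
    print("legitimate session:     ", hardened_role_from_cookies({"session": token}))  # user
```

The important design choice is that the cookie is a lookup key, not a statement of fact: the server's own record decides the role, and the record exists only because a password check ran. The HMAC tag is a cheap first filter that rejects tampered or made-up tokens before any store lookup; the unguessable random id is what actually prevents session forgery, and clearing the record on logout is what makes a leaked token expire.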

Exploit

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2008-6269

Affected Products

Joovili