PT-2009-2187 · U&M · Justbookit

G4N0K

Published

2009-04-13

Updated

2017-09-29

CVE-2008-6718

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions U&M Software JustBookIt version 1.0

Description The issue allows remote attackers to have an unspecified impact by directly requesting certain scripts in the admin/ directory without requiring administrative authentication. The affected scripts include "user manual.php", "user config.php", "user kundnamn.php", "user kundlista.php", "user aktiva kunder.php", "database.php", and possibly "index.php".

Recommendations For U&M Software JustBookIt version 1.0, consider implementing proper administrative authentication for all scripts in the admin/ directory to prevent unauthorized access. As a temporary workaround, restrict access to the vulnerable scripts, such as "user manual.php", "user config.php", "user kundnamn.php", "user kundlista.php", "user aktiva kunder.php", "database.php", and "index.php", to minimize the risk of exploitation.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2008-6718

Affected Products

Justbookit

PT-2009-2187 · U&M · Justbookit

CVE-2008-6718

Weakness Enumeration

Related Identifiers

Affected Products

References · 3