CVE-2008-6743

Name of the Vulnerable Software and Affected Versions: RSMScript version 1.21

Description: The issue allows remote attackers to bypass authentication and gain administrative privileges. This is achieved by setting the verified cookie to an arbitrary value and making direct requests to specific API endpoints, including "delete.php", "edit-submit.php", "edit.php", "submit.php", and "update.php". This bypasses the security check performed by "verify.php".

Recommendations: For RSMScript version 1.21, as a temporary workaround, consider restricting access to the API endpoints "delete.php", "edit-submit.php", "edit.php", "submit.php", and "update.php" until a patch is available. Additionally, avoid using arbitrary values for the verified cookie to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.