PT-2009-2325 · Xigla · Absolute News Manager.Net

Hakxer

·

Published

2009-07-14

·

Updated

2017-09-29

·

CVE-2008-6856

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Xigla Software Absolute News Manager.NET version 5.1
Description: The issue allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
Recommendations: For version 5.1, update the software to prevent attackers from bypassing authentication by manipulating cookie values.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2008-6856

Affected Products

Absolute News Manager.Net