CVE-2008-6965

Name of the Vulnerable Software and Affected Versions: AJ Square AJ Auction (affected versions not specified)

Description: The issue allows remote attackers to bypass authentication by making a direct request to certain API endpoints, including (1) "site.php", (2) "auction.php", (3) "mail.php", (4) "fee setting.php", (5) "earnings.php", (6) "insertion fee settings.php", (7) "custom category.php", (8) "subcategory.php", (9) "category.php", (10) "report.php", (11) "store manager.php", and (12) "choose sell format.php" in the "admin/" directory. This bypass is possible because the scripts do not exit after sending a redirect when called directly.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.