CVE-2008-7024

Name of the Vulnerable Software and Affected Versions Arz Development The Gemini Portal versions 4.7 and earlier

Description The issue allows remote attackers to bypass authentication and gain administrator privileges. This can be achieved by setting the user cookie to "admin" and the name parameter to "users" in the "admin.php" endpoint.

Recommendations For versions 4.7 and earlier, as a temporary workaround, consider restricting access to the "admin.php" endpoint until a patch is available. Avoid using the name parameter in the "admin.php" endpoint with the value "users" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.