PT-2009-2625 · Ekin · Ekinboard

Eugene Minaev

Published

2009-09-02

Updated

2017-09-29

CVE-2008-7156

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions EkinBoard versions 1.1.0 and earlier

Description The issue allows remote attackers to bypass authorization and gain administrator privileges. This can be achieved by setting the groups[] parameter to 2. An example of exploitation is via the backup.php endpoint.

Recommendations For EkinBoard versions 1.1.0 and earlier, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the backup.php endpoint until a fix is available. As a temporary workaround, avoid using the groups[] parameter in sensitive operations until the issue is resolved.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2008-7156

Affected Products

Ekinboard

PT-2009-2625 · Ekin · Ekinboard

CVE-2008-7156

Weakness Enumeration

Related Identifiers

Affected Products

References · 4