PT-2009-3067 · Interspire · Interspire Shopping Cart

Published

2009-02-03

Updated

2018-10-11

CVE-2009-0412

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Interspire Shopping Cart (ISC) version 4.0.1 Ultimate edition

Description The issue allows remote attackers to bypass authentication and obtain administrative access. This is achieved by reusing the RememberToken cookie after a failed admin login attempt, exploiting the ProcessLogin function in class.auth.php.

Recommendations For Interspire Shopping Cart (ISC) version 4.0.1 Ultimate edition, consider disabling the ProcessLogin function in class.auth.php as a temporary workaround until a patch is available. Restrict access to administrative login attempts to minimize the risk of exploitation. Avoid reusing the RememberToken cookie after a failed admin login attempt until the issue is resolved.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2009-0412

Affected Products

Interspire Shopping Cart

PT-2009-3067 · Interspire · Interspire Shopping Cart

CVE-2009-0412

Weakness Enumeration

Related Identifiers

Affected Products

References · 6