PT-2009-3445 · Celerbb · Celerbb

Drosophila

Published

2009-03-09

Updated

2018-10-10

CVE-2009-0853

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions CelerBB version 0.0.2

Description The issue allows remote attackers to bypass authentication and obtain administrative access. This is achieved by using special characters in the Username parameter. For example, an attacker could use a value like 'admin'# for the Username parameter to exploit this issue.

Recommendations For CelerBB version 0.0.2, consider disabling the login functionality until a patch is available, or restrict access to the login.php file to minimize the risk of exploitation. Avoid using special characters in the Username parameter until the issue is resolved.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2009-0853

Affected Products

Celerbb

PT-2009-3445 · Celerbb · Celerbb

CVE-2009-0853

Weakness Enumeration

Related Identifiers

Affected Products

References · 4