PT-2009-4075 · Php · Php Site Lock

The G0Bl!N

Published

2009-05-07

Updated

2017-09-29

CVE-2009-1587

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: PHP Site Lock version 2.0

Description: The issue allows remote attackers to bypass authentication and gain administrative access. This is achieved by setting specific cookie values, including login id, group id, login name, user id, and user type.

Recommendations: For PHP Site Lock version 2.0, consider implementing proper cookie validation and authentication mechanisms to prevent unauthorized access. As a temporary workaround, restrict access to administrative areas of the application until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2009-1587

Affected Products

Php Site Lock

PT-2009-4075 · Php · Php Site Lock

CVE-2009-1587

Weakness Enumeration

Related Identifiers

Affected Products

References · 6