PT-2009-4211 · Unknown · Pad Site Scripts

Mr.Tro0Oqy · Published 2009-05-20 · Updated 2017-09-29 · CVE-2009-1739

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: PAD Site Scripts version 3.6
Description: The issue allows remote attackers to bypass authentication and gain privileges as other users, including administrative privileges. This is achieved by setting the authuser cookie parameter to a valid username.
Recommendations: For PAD Site Scripts version 3.6, update the authentication mechanism to properly validate and handle the authuser cookie parameter to prevent unauthorized access. As a temporary workaround, consider implementing additional authentication checks to verify user identities before granting access.
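
A minimal model of the flaw and of the recommended validation, added here as an illustration and not taken from PAD Site Scripts' code: `flawed_login` treats the `authuser` value as the identity, while `verified_login` accepts only a value the server signed with HMAC-SHA256 after a successful login. The user table, the key and all function names are assumptions.

```python
import base64
import hashlib
import hmac
import time

# Constructed sample data: account names and key are placeholders.
USERS = {"admin": "administrator", "alice": "member"}
SECRET_KEY = b"constructed-demo-key-load-from-server-config"
MAX_AGE = 3600  # seconds a cookie stays valid


def flawed_login(cookies):
    """Model of the reported flaw: the cookie value alone names the user."""
    user = cookies.get("authuser")
    return user if user in USERS else None


def _mac(payload, key):
    return hmac.new(key, payload, hashlib.sha256).digest()


def issue_cookie(username, now=None, key=SECRET_KEY):
    """Build the cookie value; call only after the password check succeeded."""
    expires = int(now if now is not None else time.time()) + MAX_AGE
    payload = f"{username}|{expires}".encode()
    enc = lambda b: base64.urlsafe_b64encode(b).decode()
    return f"{enc(payload)}.{enc(_mac(payload, key))}"


def verified_login(cookies, now=None, key=SECRET_KEY):
    """Return the username only for an untampered, unexpired cookie."""
    try:
        p64, m64 = cookies.get("authuser", "").split(".")
        payload = base64.urlsafe_b64decode(p64)
        mac = base64.urlsafe_b64decode(m64)
    except ValueError:
        return None  # malformed value, including a bare username
    # Constant-time comparison; reject before parsing any field.
    if not hmac.compare_digest(mac, _mac(payload, key)):
        return None
    username, expires = payload.decode().rsplit("|", 1)
    if (now if now is not None else time.time()) >= int(expires):
        return None  # signed by the server but past its lifetime
    return username if username in USERS else None
```

The signed value still needs the `Secure` and `HttpOnly` cookie attributes, and a server-side session store is an equally valid fix when per-session revocation is required.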

Related Identifiers: CVE-2009-1739
Affected Products: Pad Site Scripts