PT-2009-4494 · Grestul · Grestul

The G0Bl!N

Published

2009-06-12

Updated

2017-09-29

CVE-2009-2040

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Grestul version 1.2

Description The issue allows remote attackers to bypass authentication and create administrative accounts. This is achieved by sending a direct request with a manage admin action to the "admin/options.php" endpoint.

Recommendations For Grestul version 1.2, restrict access to the "admin/options.php" endpoint to prevent unauthorized requests, and consider implementing proper authentication mechanisms to prevent bypassing of authentication.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2009-2040

Affected Products

Grestul

PT-2009-4494 · Grestul · Grestul

CVE-2009-2040

Weakness Enumeration

Related Identifiers

Affected Products

References · 4