PT-2009-4569 · Phportal · Phportal

Knockout

Published

2009-06-18

Updated

2017-09-29

CVE-2009-2117

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions phPortal version 1.0

Description The issue allows remote attackers to bypass authentication and gain administrative access. This is achieved by setting the kulladi cookie to a valid username, exploiting the uye paneli.php file in phPortal.

Recommendations For phPortal version 1.0, consider temporarily restricting access to the uye paneli.php file until a patch is available. Additionally, avoid using the kulladi cookie for authentication purposes in the affected version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2009-2117

Affected Products

Phportal

PT-2009-4569 · Phportal · Phportal

CVE-2009-2117

Weakness Enumeration

Related Identifiers

Affected Products

References · 3