PT-2009-4682 · Awscripts.Com · Awscripts.Com Gallery Search Engine

Tiger-Dz

Published

2009-06-26

Updated

2017-09-19

CVE-2009-2233

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions AWScripts.com Gallery Search Engine version 1.5

Description The issue allows remote attackers to bypass authentication and gain administrative access. This is achieved by setting the awse logged cookie to 1, which enables unauthorized access to the admin interface.

Recommendations For version 1.5, consider temporarily disabling the admin interface until a patch is available. Restrict access to the admin interface to minimize the risk of exploitation. Avoid relying on the awse logged cookie for authentication until the issue is resolved.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2009-2233

Affected Products

Awscripts.Com Gallery Search Engine

PT-2009-4682 · Awscripts.Com · Awscripts.Com Gallery Search Engine

CVE-2009-2233

Weakness Enumeration

Related Identifiers

Affected Products

References · 6