PT-2009-6384 · Phpbazar · Phpbazar

Published

2009-12-07

Updated

2009-12-08

CVE-2009-4222

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions phpBazar versions 2.1.1fix and earlier

Description The issue allows remote attackers to gain access to the admin control panel without proper administrative authentication. This is possible by making a direct request to the admin control panel.

Recommendations For phpBazar versions 2.1.1fix and earlier, ensure that proper authentication mechanisms are implemented to restrict access to the admin control panel, specifically for the admin/admin.php page. As a temporary workaround, consider restricting direct access to the admin/admin.php page until a proper fix is applied.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2009-4222

Affected Products

Phpbazar

PT-2009-6384 · Phpbazar · Phpbazar

CVE-2009-4222

Weakness Enumeration

Related Identifiers

Affected Products

References · 5