PT-2010-1617 · Graugon · Graugon Php Article Publisher

X0R

Published

2010-04-23

Updated

2017-09-19

CVE-2009-4808

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Graugon PHP Article Publisher version 1.0

Description The issue allows remote attackers to bypass authentication and gain administrative access. This is achieved by setting the g admin cookie to 1, effectively allowing unauthorized access to administrative functions.

Recommendations For Graugon PHP Article Publisher version 1.0, consider disabling access to the admin.php file until a proper authentication mechanism is implemented to prevent unauthorized administrative access. Restrict access to the g admin cookie to minimize the risk of exploitation.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2009-4808

Affected Products

Graugon Php Article Publisher

PT-2010-1617 · Graugon · Graugon Php Article Publisher

CVE-2009-4808

Weakness Enumeration

Related Identifiers

Affected Products

References · 7