PT-2010-1730 · Wb · Wb News

The G0Bl!N · Published 2010-07-09 · Updated 2017-09-19 · CVE-2009-4927

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

WB News version 2.1.2

Description

The issue allows remote attackers to bypass authentication and gain administrative access by modifying the WBNEWS cookie. This can be achieved by setting the WBNEWS cookie to 1.

Recommendations

For WB News version 2.1.2, consider restricting access to administrative functions until a patch is available. As a temporary workaround, avoid using the modified WBNEWS cookie to prevent unauthorized access.
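
The weakness class described above, a client-set cookie value accepted as proof of login, is shown here next to a server-verified alternative. This is an added illustration and not WB News code; the function names, the key handling, the 30-minute lifetime and the `user|expiry|tag` token format are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

# Constructed key for this example; a real server loads it from secret storage.
SERVER_KEY = secrets.token_bytes(32)
SESSION_TTL = 1800  # seconds; assumed session lifetime


def is_admin_flag_cookie(cookies):
    """Flawed pattern from the description: the cookie value itself is the proof."""
    return cookies.get("WBNEWS") == "1"


def _mac(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_session(user, now=None):
    """Hypothetical helper, called only after the password check succeeds.

    `user` is chosen by the server and must not contain '|'.
    """
    issued = int(time.time() if now is None else now)
    payload = f"{user}|{issued + SESSION_TTL}"
    return f"{payload}|{_mac(payload)}"


def is_admin_signed_cookie(cookies, now=None):
    """Accept the cookie only if the server's MAC verifies and it is unexpired."""
    parts = cookies.get("WBNEWS", "").split("|")
    if len(parts) != 3:
        return False  # covers a missing cookie and a bare flag such as "1"
    user, expires, tag = parts
    expected = _mac(f"{user}|{expires}")
    # Constant-time comparison on bytes; any client-side edit changes the MAC.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return False
    current = time.time() if now is None else now
    # expires is trusted as an integer only because the MAC has verified.
    return int(expires) > current and user == "admin"
```

A request carrying only `WBNEWS=1` passes the first check and fails the second, because the client cannot produce a valid tag without the server-side key.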

Exploit

Fix

Improper Authentication


Weakness Enumeration

Related Identifiers

CVE-2009-4927

Affected Products

Wb News