Description
The ProcessLogin function in class.auth.php in Interspire Shopping Cart (ISC) 4.0.1 Ultimate edition allows remote attackers to bypass authentication and obtain administrative access by reusing the RememberToken cookie after a failed admin login attempt.
References
Vulnerable configurations
Configuration 1
cpe:2.3:a:interspire:shopping_cart:4.0.1:*:*:*:*:*:*:*
EPSS
Percentile: 59%
0.00383
Low
7.5 High
CVSS2
Weaknesses
CWE-287
Related vulnerabilities
github
almost 4 years ago
The ProcessLogin function in class.auth.php in Interspire Shopping Cart (ISC) 4.0.1 Ultimate edition allows remote attackers to bypass authentication and obtain administrative access by reusing the RememberToken cookie after a failed admin login attempt.