CVE-2009-2293

Опубликовано: 01 июл. 2009

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Optimum Web Design Tutorial Share 3.5.0 and earlier allows remote attackers to bypass authentication and obtain administrative access by setting the usernamed cookie parameter.

Ссылки

http://osvdb.org/54704
Exploit
http://secunia.com/advisories/35207
Vendor Advisory
http://www.exploit-db.com/exploits/8766
http://www.securityfocus.com/bid/35075
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/50685
http://osvdb.org/54704
Exploit
http://secunia.com/advisories/35207
Vendor Advisory
http://www.exploit-db.com/exploits/8766
http://www.securityfocus.com/bid/35075
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/50685

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:tutorial-share:tutorial_share:*:*:*:*:*:*:*:*

Версия до 3.5.0 (включая)

cpe:2.3:a:tutorial-share:tutorial_share:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:tutorial-share:tutorial_share:3.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 83%

0.01991

Низкий

7.5 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-2xq8-5hcx-pxxh

github

почти 4 года назад