exploitDog

CVE-2009-3904

Опубликовано: 06 нояб. 2009

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

classes/session/cc_admin_session.php in CubeCart 4.3.4 does not properly restrict administrative access permissions, which allows remote attackers to bypass restrictions and gain administrative access via a HTTP request that contains an empty (1) sessID (ccAdmin cookie), (2) X_CLUSTER_CLIENT_IP header, or (3) User-Agent header.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cubecart:cubecart:4.3.4:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.0518

Низкий

7.5 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-p5ch-p6v5-5j79

github

почти 4 года назад

classes/session/cc_admin_session.php in CubeCart 4.3.4 does not properly restrict administrative access permissions, which allows remote attackers to bypass restrictions and gain administrative access via a HTTP request that contains an empty (1) sessID (ccAdmin cookie), (2) X_CLUSTER_CLIENT_IP header, or (3) User-Agent header.

EPSS

Процентиль: 90%

0.0518

Низкий

7.5 High

CVSS2

Дефекты

CWE-264