Vulnerabilities > CVE-2002-1058 - Authentication Bypass vulnerability in Cobalt Qube 3.0

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
cobalt
critical
exploit available

Summary

Directory traversal vulnerability in splashAdmin.php for Cobalt Qube 3.0 allows local users and remote attackers, to gain privileges as the Qube Admin via .. (dot dot) sequences in the sessionId cookie that point to an alternate session file.

Vulnerable Configurations

Part Description Count
Application
Cobalt
1

Exploit-Db

descriptionCobalt Qube 3.0 Authentication Bypass Vulnerability. CVE-2002-1058. Webapps exploit for php platform
idEDB-ID:21640
last seen2016-02-02
modified2002-07-24
published2002-07-24
reporterpokley
sourcehttps://www.exploit-db.com/download/21640/
titleCobalt Qube 3.0 - Authentication Bypass Vulnerability