Vulnerabilities > CVE-2008-6228 - Credentials Management vulnerability in Preproject PRE Multi-Vendor Shopping Malls

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

preproject

CWE-255

exploit available

NVD

Published: 2009-02-20

Updated: 2017-09-29

Summary

Pre Multi-Vendor Shopping Malls allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".

Vulnerable Configurations

Part	Description	Count
Application	Preproject Preproject PRE Multi Vendor Shopping Malls -	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Exploit-Db

description	Pre Multi-Vendor Shopping Malls Multiple Remote Vulnerabilities. CVE-2008-6227,CVE-2008-6228. Webapps exploit for php platform
file	exploits/php/webapps/6999.txt
id	EDB-ID:6999
last seen	2016-02-01
modified	2008-11-05
platform	php
port
published	2008-11-05
reporter	G4N0K
source	https://www.exploit-db.com/download/6999/
title	pre multi-vendor shopping malls Multiple Vulnerabilities
type	webapps

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

References