Vulnerabilities > CVE-2008-6232 - Credentials Management vulnerability in Preprojects PRE Shopping Mall

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
preprojects
CWE-255
exploit available
NVD
Published: 2009-02-20
Updated: 2017-09-29

Summary

Pre Shopping Mall allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".

Vulnerable Configurations

Part Description Count
Application
Preprojects
1

Common Weakness Enumeration (CWE)

Exploit-Db

  • descriptionPre Shopping Mall Insecure Cookie Handling Vulnerability. CVE-2008-6231,CVE-2008-6232. Webapps exploit for php platform
    fileexploits/php/webapps/6998.txt
    idEDB-ID:6998
    last seen2016-02-01
    modified2008-11-05
    platformphp
    port
    published2008-11-05
    reporterG4N0K
    sourcehttps://www.exploit-db.com/download/6998/
    titlePre Shopping Mall Insecure Cookie Handling Vulnerability
    typewebapps
  • descriptionPre Classified Listings Insecure Cookie Handling Vulnerability. CVE-2008-6231,CVE-2008-6232. Webapps exploit for php platform
    fileexploits/php/webapps/7000.txt
    idEDB-ID:7000
    last seen2016-02-01
    modified2008-11-05
    platformphp
    port
    published2008-11-05
    reporterG4N0K
    sourcehttps://www.exploit-db.com/download/7000/
    titlePre Classified Listings Insecure Cookie Handling Vulnerability
    typewebapps

References