NewsCMSLite - Insecure Cookie Authentication Bypass
| EKU-ID: 37655 | CVE: CVE-2009-0300;CVE-2006-2636;OSVDB-25824 | OSVDB-ID: |
| Author: FarhadKey | Published: 2009-01-24 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 37655 | CVE: CVE-2009-0300;CVE-2006-2636;OSVDB-25824 | OSVDB-ID: |
| Author: FarhadKey | Published: 2009-01-24 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/33467/info NewsCMSLite is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication. Attackers can exploit this vulnerability to gain unauthorized access to the affected application, which may aid in further attacks. javascript:document.cookie = "loggedIn=xY1zZoPQ; path=/"