← back
CVE-2008-6269

CVE-2008-6269

EPSS 2.6%
Joovili 3.1.4 allows remote attackers to bypass authentication and gain privileges as other users, including the administrator, by setting the (1) session_id, session_logged_in, and session_username cookies for user privileges; (2) session_admin_id, session_admin_username, and session_admin cookies for admin privileges; and (3) session_staff_id, session_staff_username, and session_staff cookies for staff users.
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/6955unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://secunia.com/advisories/32491https://exchange.xforce.ibmcloud.com/vulnerabilities/46272https://www.exploit-db.com/exploits/6955http://www.securityfocus.com/bid/32058http://www.vupen.com/english/advisories/2008/2978