CVE-2008-2682

EUVD-2008-2677
_RealmAdmin/login.asp in Realm CMS 2.3 and earlier allows remote attackers to bypass authentication and access admin pages via certain modified cookies, probably including (1) cUserRole, (2) cUserName, and (3) cUserID.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
Affected Products (NVD)
VendorProductVersion
realm_projectrealm_cms
2.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://bugreport.ir/index.php?/40
http://secunia.com/advisories/30583
http://www.securityfocus.com/bid/29616
https://exchange.xforce.ibmcloud.com/vulnerabilities/42960
https://www.exploit-db.com/exploits/5766
http://bugreport.ir/index.php?/40
http://secunia.com/advisories/30583
http://www.securityfocus.com/bid/29616
https://exchange.xforce.ibmcloud.com/vulnerabilities/42960
https://www.exploit-db.com/exploits/5766