CVE-2008-3375

EUVD-2008-3362
The jrCookie function in includes/jamroom-misc.inc.php in JamRoom before 3.4.0 allows remote attackers to bypass authentication and gain administrative access via a boolean value within serialized data in a JMU_Cookie cookie.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
Affected Products (NVD)
VendorProductVersion
jamroomjamroom
𝑥
≤ 3.3.8
jamroomjamroom
1.0
jamroomjamroom
1.0:b1
jamroomjamroom
1.0:b2
jamroomjamroom
1.0:b3
jamroomjamroom
1.0:b4
jamroomjamroom
1.0:b5
jamroomjamroom
2.0.9:a
jamroomjamroom
2.6.10
jamroomjamroom
2.6.11
jamroomjamroom
2.6.12
jamroomjamroom
2.60
jamroomjamroom
2.60:rc2
jamroomjamroom
2.60:rc3
jamroomjamroom
2.61
jamroomjamroom
2.62
jamroomjamroom
2.63
jamroomjamroom
2.64
jamroomjamroom
2.65
jamroomjamroom
2.66
jamroomjamroom
2.67
jamroomjamroom
2.68
jamroomjamroom
2.69
jamroomjamroom
3.0
jamroomjamroom
3.0:b1
jamroomjamroom
3.0:b2
jamroomjamroom
3.0:b3
jamroomjamroom
3.0:b4
jamroomjamroom
3.0:b5
jamroomjamroom
3.0:b6
jamroomjamroom
3.0:b7
jamroomjamroom
3.0:b8
jamroomjamroom
3.0.1
jamroomjamroom
3.0.2
jamroomjamroom
3.0.3
jamroomjamroom
3.0.4
jamroomjamroom
3.0.5
jamroomjamroom
3.0.6
jamroomjamroom
3.0.7
jamroomjamroom
3.0.8
jamroomjamroom
3.0.9
jamroomjamroom
3.0.10
jamroomjamroom
3.0.11
jamroomjamroom
3.0.12
jamroomjamroom
3.0.13
jamroomjamroom
3.0.14
jamroomjamroom
3.0.15
jamroomjamroom
3.0.16
jamroomjamroom
3.0.17
jamroomjamroom
3.0.18
jamroomjamroom
3.0.19
jamroomjamroom
3.0.20
jamroomjamroom
3.0.21
jamroomjamroom
3.0.22
jamroomjamroom
3.0.23
jamroomjamroom
3.0.24
jamroomjamroom
3.0.25
jamroomjamroom
3.0.26
jamroomjamroom
3.0.27
jamroomjamroom
3.0.28
jamroomjamroom
3.0.29
jamroomjamroom
3.0.30
jamroomjamroom
3.1.0
jamroomjamroom
3.1.0:b1
jamroomjamroom
3.1.0:b2
jamroomjamroom
3.1.0:b3
jamroomjamroom
3.1.1
jamroomjamroom
3.1.2
jamroomjamroom
3.1.3
jamroomjamroom
3.1.4
jamroomjamroom
3.1.5
jamroomjamroom
3.2.0
jamroomjamroom
3.2.1
jamroomjamroom
3.2.2
jamroomjamroom
3.2.3
jamroomjamroom
3.2.4
jamroomjamroom
3.2.5
jamroomjamroom
3.2.6
jamroomjamroom
3.3.0
jamroomjamroom
3.3.1
jamroomjamroom
3.3.2
jamroomjamroom
3.3.3
jamroomjamroom
3.3.4
jamroomjamroom
3.3.5
jamroomjamroom
3.3.6
jamroomjamroom
3.3.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/31249
http://securityreason.com/securityalert/4069
http://www.gulftech.org/?node=research&article_id=00117-07282008
http://www.jamroom.net/index.php?m=td_tracker&o=view&id=1178
http://www.jamroom.net/phpBB2/viewtopic.php?t=24454
http://www.securityfocus.com/archive/1/494820/100/0/threaded
http://www.securityfocus.com/bid/30406
https://exchange.xforce.ibmcloud.com/vulnerabilities/44048
http://secunia.com/advisories/31249
http://securityreason.com/securityalert/4069
http://www.gulftech.org/?node=research&article_id=00117-07282008
http://www.jamroom.net/index.php?m=td_tracker&o=view&id=1178
http://www.jamroom.net/phpBB2/viewtopic.php?t=24454
http://www.securityfocus.com/archive/1/494820/100/0/threaded
http://www.securityfocus.com/bid/30406
https://exchange.xforce.ibmcloud.com/vulnerabilities/44048