CVE-2008-7024

EUVD-2008-6983
admin.php in Arz Development The Gemini Portal 4.7 and earlier allows remote attackers to bypass authentication and gain administrator privileges by setting the user cookie to "admin" and setting the name parameter to "users."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
Affected Products (NVD)
VendorProductVersion
arzdevgemini_lite
3.5
arzdevgemini_lite
3.6
arzdevgemini_portal
4.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/48639
http://secunia.com/advisories/32057
http://www.securityfocus.com/archive/1/496761/100/0/threaded
http://www.securityfocus.com/bid/31429
https://exchange.xforce.ibmcloud.com/vulnerabilities/45439
https://www.exploit-db.com/exploits/6584
http://osvdb.org/48639
http://secunia.com/advisories/32057
http://www.securityfocus.com/archive/1/496761/100/0/threaded
http://www.securityfocus.com/bid/31429
https://exchange.xforce.ibmcloud.com/vulnerabilities/45439
https://www.exploit-db.com/exploits/6584