CVE-2008-7024

admin.php in Arz Development The Gemini Portal 4.7 and earlier allows remote attackers to bypass authentication and gain administrator privileges by setting the user cookie to "admin" and setting the name parameter to "users."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
VendorProductVersion
arzdevgemini_lite
3.5
arzdevgemini_lite
3.6
arzdevgemini_portal
4.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/48639
http://secunia.com/advisories/32057
http://www.securityfocus.com/archive/1/496761/100/0/threaded
http://www.securityfocus.com/bid/31429
https://exchange.xforce.ibmcloud.com/vulnerabilities/45439
https://www.exploit-db.com/exploits/6584
http://osvdb.org/48639
http://secunia.com/advisories/32057
http://www.securityfocus.com/archive/1/496761/100/0/threaded
http://www.securityfocus.com/bid/31429
https://exchange.xforce.ibmcloud.com/vulnerabilities/45439
https://www.exploit-db.com/exploits/6584