The ProcessLogin function in class.auth.php in Interspire Shopping Cart (ISC) 4.0.1 Ultimate edition allows remote malicious users to bypass authentication and obtain administrative access by reusing the RememberToken cookie after a failed admin login attempt.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
interspire shopping cart 4.0.1 |