CVE-2009-3904

Published: 06/11/2009 Updated: 10/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

classes/session/cc_admin_session.php in CubeCart 4.3.4 does not properly restrict administrative access permissions, which allows remote malicious users to bypass restrictions and gain administrative access via an HTTP request that contains an empty (1) sessID (ccAdmin cookie), (2) X_CLUSTER_CLIENT_IP header, or (3) User-Agent header.

Vulnerable Product

cubecart cubecart 4.3.4

Vendor Advisories

Several integer overflows, buffer overflows and memory allocation errors were discovered in the Poppler PDF rendering library, which may lead to denial of service or the execution of arbitrary code if a user is tricked into opening a malformed PDF document. An update for the old stable distribution (etch) will be issued soon as version 045-51etc ...

Exploits

CubeCart 4 Session Management Bypass. Release Date: 2009/10/29. Author: Bogdan Calin (bogdan [at] acunetix [dot] com). Severity: Critical. Vendor Status: Vendor has released an updated version. I. Background. From Wikipedia: CubeCart is a free-to-use eCommerce software solution, designed to allow individuals and businesses to sell tangible and digita ...