Vulnerability Description
_RealmAdmin/login.asp in Realm CMS 2.3 and earlier allows remote attackers to bypass authentication and access admin pages via certain modified cookies, probably including (1) cUserRole, (2) cUserName, and (3) cUserID.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Realm Project | Realm Cms | 2.3 |
Related Weaknesses (CWE)
References
- http://bugreport.ir/index.php?/40Exploit
- http://secunia.com/advisories/30583Vendor Advisory
- http://www.securityfocus.com/bid/29616
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42960
- https://www.exploit-db.com/exploits/5766
- http://bugreport.ir/index.php?/40Exploit
- http://secunia.com/advisories/30583Vendor Advisory
- http://www.securityfocus.com/bid/29616
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42960
- https://www.exploit-db.com/exploits/5766
FAQ
What is CVE-2008-2682?
CVE-2008-2682 is a vulnerability with a CVSS score of 7.5 (HIGH). _RealmAdmin/login.asp in Realm CMS 2.3 and earlier allows remote attackers to bypass authentication and access admin pages via certain modified cookies, probably including (1) cUserRole, (2) cUserName...
How severe is CVE-2008-2682?
CVE-2008-2682 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2682?
Check the references section above for vendor advisories and patch information. Affected products include: Realm Project Realm Cms.