Vulnerability Description
admin.php in Arz Development The Gemini Portal 4.7 and earlier allows remote attackers to bypass authentication and gain administrator privileges by setting the user cookie to "admin" and setting the name parameter to "users."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Arzdev | Gemini Lite | 3.5 |
| Arzdev | Gemini Portal | 4.7 |
Related Weaknesses (CWE)
References
- http://osvdb.org/48639
- http://secunia.com/advisories/32057Vendor Advisory
- http://www.securityfocus.com/archive/1/496761/100/0/threaded
- http://www.securityfocus.com/bid/31429Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45439
- https://www.exploit-db.com/exploits/6584
- http://osvdb.org/48639
- http://secunia.com/advisories/32057Vendor Advisory
- http://www.securityfocus.com/archive/1/496761/100/0/threaded
- http://www.securityfocus.com/bid/31429Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45439
- https://www.exploit-db.com/exploits/6584
FAQ
What is CVE-2008-7024?
CVE-2008-7024 is a vulnerability with a CVSS score of 6.8 (MEDIUM). admin.php in Arz Development The Gemini Portal 4.7 and earlier allows remote attackers to bypass authentication and gain administrator privileges by setting the user cookie to "admin" and setting the ...
How severe is CVE-2008-7024?
CVE-2008-7024 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-7024?
Check the references section above for vendor advisories and patch information. Affected products include: Arzdev Gemini Lite, Arzdev Gemini Portal.