CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2008-6523

auth.php in openInvoice 0.90 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the oiauth cookie. NOTE: this can be leveraged with a separate vulnerability in resetpass.php to modify passwords for arbitrary users.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.018

EPSS Ranking 81.8%

CVSS Severity

CVSS v2 Score 7.5

References

http://www.securityfocus.com/bid/28854
https://exchange.xforce.ibmcloud.com/vulnerabilities/41947
https://www.exploit-db.com/exploits/5466
http://www.securityfocus.com/bid/28854
https://exchange.xforce.ibmcloud.com/vulnerabilities/41947
https://www.exploit-db.com/exploits/5466

Products affected by CVE-2008-6523

Cale Dunlap » Openinvoice » Version: 0.90

cpe:2.3:a:cale_dunlap:openinvoice:0.90

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-6523

Products

Pricing

Contact Us