Vulnerability Details CVE-2009-0412
The ProcessLogin function in class.auth.php in Interspire Shopping Cart (ISC) 4.0.1 Ultimate edition allows remote attackers to bypass authentication and obtain administrative access by reusing the RememberToken cookie after a failed admin login attempt.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.9%
CVSS Severity
CVSS v2 Score 7.5
References
- http://www.securityfocus.com/archive/1/499967/100/0/threaded
- http://www.securityfocus.com/bid/33212
- http://www.securitytracker.com/id?1021557
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47899
- http://www.securityfocus.com/archive/1/499967/100/0/threaded
- http://www.securityfocus.com/bid/33212
- http://www.securitytracker.com/id?1021557
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47899
Products affected by CVE-2009-0412
-
cpe:2.3:a:interspire:shopping_cart:4.0.1