vendor:
BASE
by:
Tim Medin
7,5
CVSS
HIGH
Authentication Bypass
287
CWE
Product Name: BASE
Affected Version From: 1.2.4
Affected Version To: Prior
Patch Exists: YES
Related CWE: CVE-2009-2245
CPE: a:base_project:base
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: None
2009
Authentication Bypass in BASE version 1.2.4 and prior – Insecure Cookie Handling Vulnerability
An authentication bypass vulnerability exists in BASE version 1.2.4 and prior due to insecure cookie handling. An attacker can exploit this vulnerability by creating a malicious cookie with the BASERole parameter set to a valid user role. This will allow the attacker to bypass authentication and gain access to the application.
Mitigation:
Upgrade to the latest version of BASE.