vendor:
Explay CMS
by:
Stack
7.5
CVSS
HIGH
Insecure Cookie Handling
614
CWE
Product Name: Explay CMS
Affected Version From: 2.1
Affected Version To: 2.1
Patch Exists: YES
Related CWE: CVE-2008-4456
CPE: a:explay:explay_cms
Metasploit:
https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2009-1289/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0110/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2009-1461/, https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2008-4456/, https://www.rapid7.com/db/vulnerabilities/apple-osx-mysql-cve-2008-4456/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2008-4456/, https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2008-4456/
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: None
2008
Explay CMS <= 2.1 Insecure Cookie Handling Vulnerability
Explay CMS version 2.1 and prior is vulnerable to an insecure cookie handling vulnerability. This vulnerability allows an attacker to gain administrative access to the CMS. The attacker can exploit this vulnerability by setting the login and pass cookies to 1.
Mitigation:
Upgrade to Explay CMS version 2.2 or later.