Back to search
CVE-2008-6269
Published: Feb 25, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Joovili 3.1.4 allows remote attackers to bypass authentication and gain privileges as other users, including the administrator, by setting the (1) session_id, session_logged_in, and session_username cookies for user privileges; (2) session_admin_id, session_admin_username, and session_admin cookies for admin privileges; and (3) session_staff_id, session_staff_username, and session_staff cookies for staff users.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
joovili-multiple-cookie-security-bypass(46272)
vdb-entry
x_refsource_XF
32491
third-party-advisory
x_refsource_SECUNIA
6955
exploit
x_refsource_EXPLOIT-DB
32058
vdb-entry
x_refsource_BID
ADV-2008-2978
vdb-entry
x_refsource_VUPEN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now