Lucene search

[email protected]CVE-2008-4714

HistoryOct 23, 2008 - 5:17 p.m.

CVE-2008-4714

2008-10-2317:17:14

CWE-287

[email protected]

web.nvd.nist.gov

cve-2008-4714

atomic photo album

authentication bypass

administrative access

cookie handling

vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.017 Low

EPSS

Percentile

87.7%

JSON

Atomic Photo Album 1.1.0 pre4 does not properly handle the apa_cookie_login and apa_cookie_password cookies, which probably allows remote attackers to bypass authentication and gain administrative access via modified cookies.

Affected configurations

NVD

Node

atomic_photo_albumatomic_photo_albumMatch1.1.0pre4

CPENameOperatorVersion
atomic_photo_album:atomic_photo_albumatomic photo albumeq1.1.0

CPE	Name	Operator	Version
atomic_photo_album:atomic_photo_album	atomic photo album	eq	1.1.0

References

securityreason.com/securityalert/4497

www.securityfocus.com/bid/31427

www.exploit-db.com/exploits/6580

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.017 Low

EPSS

Percentile

87.7%

JSON

Related for CVE-2008-4714

nvd1 prion1 cvelist1