Lucene search
MitreCVE-2008-6523HistoryMar 25, 2009 - 6:30 p.m.
CVE-2008-6523
2009-03-2518:30:00
CWE-287
mitre
web.nvd.nist.gov
28
auth.php
openinvoice
remote attackers
authentication bypass
cookie
privilege escalation
vulnerability
password modification
nvd
cve-2008-6523
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.4
Confidence
Low
EPSS
0.006
Percentile
79.4%
auth.php in openInvoice 0.90 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the oiauth cookie. NOTE: this can be leveraged with a separate vulnerability in resetpass.php to modify passwords for arbitrary users.
Affected configurations
Node
cale_dunlapopeninvoiceMatch0.90beta
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cale_dunlap | openinvoice | 0.90 | cpe:2.3:a:cale_dunlap:openinvoice:0.90:beta:*:*:*:*:*:* |
Related
prion
prion
Authentication flaw
2009-03-25 18:30:00
cvelist
cvelist
CVE-2008-6523
2009-03-25 18:00:00
nvd
nvd
CVE-2008-6523
2009-03-25 18:30:00
exploitdb
exploitdb
OpenInvoice 0.9 - Arbitrary Change User Password
2008-04-18 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.4
Confidence
Low
EPSS
0.006
Percentile
79.4%
Related for CVE-2008-6523