Lucene search

K
cve[email protected]CVE-2008-5840
HistoryJan 05, 2009 - 4:30 p.m.

CVE-2008-5840

2009-01-0516:30:04
CWE-264
web.nvd.nist.gov
19
php icalendar
authentication bypass
remote attack

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.4%

PHP iCalendar 2.24 and earlier allows remote attackers to bypass authentication by setting the phpicalendar and phpicalendar_login cookies to 1.

Affected configurations

NVD
Node
phpicalendarphpicalendarRange2.24
OR
phpicalendarphpicalendarMatch0.7
OR
phpicalendarphpicalendarMatch0.8
OR
phpicalendarphpicalendarMatch0.9
OR
phpicalendarphpicalendarMatch0.9.5
OR
phpicalendarphpicalendarMatch1.0
OR
phpicalendarphpicalendarMatch1.1
OR
phpicalendarphpicalendarMatch2.0beta
OR
phpicalendarphpicalendarMatch2.0.1
OR
phpicalendarphpicalendarMatch2.0c
OR
phpicalendarphpicalendarMatch2.1
OR
phpicalendarphpicalendarMatch2.2
OR
phpicalendarphpicalendarMatch2.21
OR
phpicalendarphpicalendarMatch2.22
OR
phpicalendarphpicalendarMatch2.23
OR
phpicalendarphpicalendarMatch2.23rc1
OR
phpicalendarphpicalendar2.0Matchalpha_test

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.4%

Related for CVE-2008-5840