Lucene search

[email protected]CVE-2009-2642

HistoryJul 28, 2009 - 7:30 p.m.

CVE-2009-2642

2009-07-2819:30:00

CWE-287

[email protected]

web.nvd.nist.gov

cve-2009-2642

desi short url script

authentication bypass

cookie manipulation

index.php

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

83.1%

JSON

index.php in Desi Short URL Script 1.0 allows remote attackers to bypass authentication by setting the logged cookie to 1 and the uid cookie to an integer value, as demonstrated by a value of 13.

Affected configurations

NVD

Node

desiscriptsdesi_short_url_scriptMatch1.0

CPENameOperatorVersion
desiscripts:desi_short_url_scriptdesiscripts desi short url scripteq1.0

CPE	Name	Operator	Version
desiscripts:desi_short_url_script	desiscripts desi short url script	eq	1.0

References

www.exploit-db.com/exploits/8925

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

83.1%

JSON

Related for CVE-2009-2642

prion1 cvelist1 nvd1