Authentication flaw

2008-06-1212:21:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

82.2%

JSON

_RealmAdmin/login.asp in Realm CMS 2.3 and earlier allows remote attackers to bypass authentication and access admin pages via certain modified cookies, probably including (1) cUserRole, (2) cUserName, and (3) cUserID.

CPENameOperatorVersion
realm_cmseq2.3

CPE	Name	Operator	Version
	realm_cms	eq	2.3

References

bugreport.ir/index.php?/40

secunia.com/advisories/30583

www.securityfocus.com/bid/29616

exchange.xforce.ibmcloud.com/vulnerabilities/42960

www.exploit-db.com/exploits/5766