CVE-2012-2437

AWCM 2.2 contains an unauthenticated cookie forgery vulnerability in cookie_gen.php. An attacker can forge arbitrary cookies by supplying name and content parameters without authentication, as described in multiple sources (PoC shows requests like /awcm/cookie_gen.php?name=...&content=...). Root ...

AWCM 2.2 Access Bypass Vulnerability

AWCM version 2.2 appears to suffer from cookie forgery and direct access vulnerabilities. Vulnerability Report AWCM 2.2 CVE-Candidate-ID: CVE-2012-2437, CVE-2012-2438 Issue: Access Control Bug in AWCM 2.2, Anyone can build the cookie and inserts DB records. Author: Sooel Son sonpostman at gmail d...

Vulnerability Report on AWCM 2.2

Vulnerability Report AWCM 2.2 CVE-Candidate-ID: CVE-2012-2437, CVE-2012-2438 Issue: Access Control Bug in AWCM 2.2, Anyone can build the cookie and inserts DB records. Author: Sooel Son sonpostman at gmail dot com Source Code: http://sourceforge.net/projects/awcm/ 1. Details: CVE-2012-2437 Withou...