Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2008-7086

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-26 Aug, 2009 | 14:00
Updated At-07 Aug, 2024 | 11:56
Rejected At-
Credits

Maian Greetings 2.1 allows remote attackers to bypass authentication and gain administrative privileges by setting the mecard_admin_cookie cookie to admin.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:26 Aug, 2009 | 14:00
Updated At:07 Aug, 2024 | 11:56
Rejected At:
▼CVE Numbering Authority (CNA)

Maian Greetings 2.1 allows remote attackers to bypass authentication and gain administrative privileges by setting the mecard_admin_cookie cookie to admin.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.exploit-db.com/exploits/6050
exploit
x_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/30199
vdb-entry
x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/43744
vdb-entry
x_refsource_XF
Hyperlink: https://www.exploit-db.com/exploits/6050
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: http://www.securityfocus.com/bid/30199
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/43744
Resource:
vdb-entry
x_refsource_XF
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.exploit-db.com/exploits/6050
exploit
x_refsource_EXPLOIT-DB
x_transferred
http://www.securityfocus.com/bid/30199
vdb-entry
x_refsource_BID
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/43744
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: https://www.exploit-db.com/exploits/6050
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: http://www.securityfocus.com/bid/30199
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/43744
Resource:
vdb-entry
x_refsource_XF
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:26 Aug, 2009 | 14:24
Updated At:23 Apr, 2026 | 00:35

Maian Greetings 2.1 allows remote attackers to bypass authentication and gain administrative privileges by setting the mecard_admin_cookie cookie to admin.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches

maianscriptworld
maianscriptworld
>>maian_greetings>>2.1
cpe:2.3:a:maianscriptworld:maian_greetings:2.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-287Primarynvd@nist.gov
CWE ID: CWE-287
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://www.securityfocus.com/bid/30199cve@mitre.org
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/43744cve@mitre.org
N/A
https://www.exploit-db.com/exploits/6050cve@mitre.org
N/A
http://www.securityfocus.com/bid/30199af854a3a-2127-422b-91ae-364da2661108
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/43744af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.exploit-db.com/exploits/6050af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://www.securityfocus.com/bid/30199
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/43744
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.exploit-db.com/exploits/6050
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/30199
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/43744
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.exploit-db.com/exploits/6050
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

748Records found

CVE-2026-10777
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.40% / 32.48%
||
7 Day CHG~0.00%
Published-03 Jun, 2026 | 22:30
Updated-04 Jun, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ealpha072 Student-Management-System Administrative Backend config.php improper authentication

A vulnerability was identified in ealpha072 Student-Management-System up to 01451bd7a2f58cdda07bd0b86e3967582e3ecd08. Affected by this issue is some unknown functionality of the file admin/config.php of the component Administrative Backend. Such manipulation leads to improper authentication. The attack may be performed from remote. The exploit is publicly available and might be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.

Action-Not Available
Vendor-ealpha072
Product-Student-Management-System
CWE ID-CWE-287
Improper Authentication
CVE-2026-10243
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.63% / 45.71%
||
7 Day CHG~0.00%
Published-01 Jun, 2026 | 09:00
Updated-01 Jun, 2026 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Smart Parking System Admin Endpoint missing authentication

A security vulnerability has been detected in code-projects Smart Parking System 1.0. Affected is an unknown function of the component Admin Endpoint. Such manipulation leads to missing authentication. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. Multiple endpoints are affected.

Action-Not Available
Vendor-Source Code & Projects
Product-Smart Parking System
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-26562
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.12% / 79.62%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 00:00
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in provider/libserver/ECKrbAuth.cpp of Kopano Core <= v11.0.2.51 contains an issue which allows attackers to authenticate even if the user account or password is expired. It also exists in the predecessor Zarafa Collaboration Platform (ZCP) in provider/libserver/ECPamAuth.cpp of Zarafa >= 6.30 (introduced between 6.30.0 RC1e and 6.30.8 final).

Action-Not Available
Vendor-kopanon/a
Product-groupware_coren/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-14985
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-11.32% / 95.45%
||
7 Day CHG~0.00%
Published-13 Aug, 2019 | 19:17
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because this interface can access the CMD_EXEC virtual device type 28.

Action-Not Available
Vendor-eq-3n/a
Product-homematic_ccu2_firmwarehomematic_ccu3_firmwarehomematic_ccu3homematic_ccu2n/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-24259
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.00% / 78.36%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 16:10
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request.

Action-Not Available
Vendor-voipmonitorn/a
Product-voipmonitorn/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-24047
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-5.3||MEDIUM
EPSS-1.87% / 76.74%
||
7 Day CHG~0.00%
Published-18 Feb, 2022 | 19:51
Updated-03 Aug, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to bypass authentication on affected installations of BMC Track-It! 20.21.01.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-14618.

Action-Not Available
Vendor-bmcBMC
Product-track-it\!Track-It!
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2010-1670
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.55% / 72.14%
||
7 Day CHG~0.00%
Published-06 Jul, 2010 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has improper configuration options for authentication plugins associated with logins that use the single sign-on (SSO) functionality, which allows remote attackers to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aMahara
Product-maharan/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-15585
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-1.63% / 73.40%
||
7 Day CHG~0.00%
Published-28 Jan, 2020 | 02:21
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) in the GitLab SAML integration had a validation issue that permitted an attacker to takeover another user's account.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitlab CE/EE
CWE ID-CWE-287
Improper Authentication
CVE-2010-1022
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.48% / 70.83%
||
7 Day CHG~0.00%
Published-19 Mar, 2010 | 18:35
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) extension before 0.2.13 for TYPO3 allows remote attackers to bypass authentication via unspecified vectors.

Action-Not Available
Vendor-marcus_krausen/aTYPO3 Association
Product-t3sec_saltedpwtypo3n/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-14910
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.3||CRITICAL
EPSS-1.05% / 60.24%
||
7 Day CHG~0.00%
Published-05 Dec, 2019 | 14:16
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), in this case user authentication succeeds even if invalid password has entered.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-keycloakKeycloak
CWE ID-CWE-305
Authentication Bypass by Primary Weakness
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-592
DEPRECATED: Authentication Bypass Issues
CWE ID-CWE-295
Improper Certificate Validation
CVE-2025-7875
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.67% / 47.34%
||
7 Day CHG~0.00%
Published-20 Jul, 2025 | 07:14
Updated-27 Aug, 2025 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Metasoft 美特软件 MetaCRM debug.jsp improper authentication

A vulnerability classified as critical has been found in Metasoft 美特软件 MetaCRM up to 6.4.2. This affects an unknown part of the file /debug.jsp. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-metasoftMetasoft 美特软件
Product-metacrmMetaCRM
CWE ID-CWE-287
Improper Authentication
CVE-2022-28106
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.11% / 61.91%
||
7 Day CHG~0.00%
Published-20 May, 2022 | 12:48
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Online Sports Complex Booking System v1.0 was discovered to allow attackers to take over user accounts via a crafted POST request.

Action-Not Available
Vendor-online_sports_complex_booking_system_projectn/a
Product-online_sports_complex_booking_systemn/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-4830
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.34% / 81.54%
||
7 Day CHG-0.07%
Published-27 Apr, 2010 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to bypass authentication and obtain access to an Administrator account via unknown vectors, possibly related to www/admin/install.php, www/admin/install-plugins.php, and other www/admin/ files.

Action-Not Available
Vendor-openxn/a
Product-openxn/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-4843
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.11% / 79.54%
||
7 Day CHG~0.00%
Published-07 May, 2010 | 17:43
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ToutVirtual VirtualIQ Pro before 3.5 build 8691 does not require administrative authentication for JBoss console access, which allows remote attackers to execute arbitrary commands via requests to (1) the JMX Management Console or (2) the Web Console.

Action-Not Available
Vendor-toutvirtualn/a
Product-virtualiqn/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-14909
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.3||CRITICAL
EPSS-1.08% / 60.93%
||
7 Day CHG~0.00%
Published-04 Dec, 2019 | 14:34
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in Keycloak 7.x where the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid will be accepted.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-keycloakKeycloak
CWE ID-CWE-305
Authentication Bypass by Primary Weakness
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-592
DEPRECATED: Authentication Bypass Issues
CVE-2022-30034
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.6||HIGH
EPSS-1.34% / 67.85%
||
7 Day CHG~0.00%
Published-31 May, 2022 | 13:13
Updated-03 Aug, 2024 | 06:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes.

Action-Not Available
Vendor-flower_projectn/a
Product-flowern/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-20033
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.10% / 61.67%
||
7 Day CHG~0.00%
Published-29 Jul, 2020 | 17:30
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On Aspire-derived NEC PBXes, including all versions of SV8100 devices, a set of documented, static login credentials may be used to access the DIM interface.

Action-Not Available
Vendor-n/aNEC Corporation
Product-sv8100_firmwaresv8100n/a
CWE ID-CWE-287
Improper Authentication
CVE-2010-0554
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.54% / 71.82%
||
7 Day CHG~0.00%
Published-04 Feb, 2010 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HTTP Authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier uses the same nonce for all authentication, which allows remote attackers to hijack web sessions or bypass authentication via a replay attack.

Action-Not Available
Vendor-geoppn/a
Product-geo\+\+_gncastern/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-5077
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.49% / 70.89%
||
7 Day CHG~0.00%
Published-08 Jun, 2011 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CRE Loaded before 6.2.14 allows remote attackers to bypass authentication and gain administrator privileges via vectors related to a modified PHP_SELF variable, which is not properly handled by (1) includes/application_top.php and (2) admin/includes/application_top.php.

Action-Not Available
Vendor-creloadedn/a
Product-cre_loadedn/a
CWE ID-CWE-287
Improper Authentication
CVE-2017-16613
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-8.35% / 94.27%
||
7 Day CHG~0.00%
Published-21 Nov, 2017 | 13:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allows attackers to bypass authentication by inserting a token into an X-Auth-Token header of a new request. NOTE: github.com/openstack/swauth URLs do not mean that Swauth is maintained by an official OpenStack project team.

Action-Not Available
Vendor-n/aOpenStackDebian GNU/Linux
Product-debian_linuxswiftswauthn/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-4929
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.46% / 82.44%
||
7 Day CHG~0.00%
Published-09 Jul, 2010 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

admin/manage_users.php in TotalCalendar 2.4 does not require administrative authentication, which allows remote attackers to change arbitrary passwords via the newPW1 and newPW2 parameters.

Action-Not Available
Vendor-sweetphpn/a
Product-totalcalendern/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-4987
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.43% / 92.87%
||
7 Day CHG~0.00%
Published-25 Aug, 2010 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

admin/header.php in Scripteen Free Image Hosting Script 2.3 allows remote attackers to bypass authentication and gain administrative access by setting the cookgid cookie value to 1, a different vector than CVE-2008-3211.

Action-Not Available
Vendor-scripteenn/a
Product-free_image_hosting_scriptn/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-4584
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.63% / 73.33%
||
7 Day CHG~0.00%
Published-06 Jan, 2010 | 21:33
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

admin.php in dB Masters Multimedia Links Directory 3.1.3 allows remote attackers to bypass authentication and gain administrative access via a certain value of the admin_log cookie.

Action-Not Available
Vendor-dbmastersn/a
Product-db_masters_multimedia_links_directoryn/a
CWE ID-CWE-287
Improper Authentication
CVE-2017-16634
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.87% / 88.91%
||
7 Day CHG~0.00%
Published-09 Nov, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method.

Action-Not Available
Vendor-n/aJoomla!
Product-joomla\!n/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-4447
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.55% / 83.13%
||
7 Day CHG~0.00%
Published-29 Dec, 2009 | 20:15
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jax Guestbook 3.5.0 allows remote attackers to bypass authentication and modify administrator settings via a direct request to admin/guestbook.admin.php.

Action-Not Available
Vendor-jax_scriptsn/a
Product-jax_guestbookn/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-22956
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-50.69% / 98.78%
||
7 Day CHG+0.79%
Published-13 Apr, 2022 | 00:00
Updated-13 Feb, 2025 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncVMware (Broadcom Inc.)
Product-vrealize_automationidentity_managerlinux_kernelworkspace_one_accessVMware Workspace ONE Access
CWE ID-CWE-287
Improper Authentication
CVE-2021-28152
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.18% / 91.45%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 15:11
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser. To connect, the telnet service is used on port 5188 with the default credentials of root:superzxmn.

Action-Not Available
Vendor-hongdiann/a
Product-h8922_firmwareh8922n/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-23126
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.27% / 80.92%
||
7 Day CHG~0.00%
Published-24 Jan, 2022 | 18:07
Updated-28 May, 2025 | 21:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open doors of Tesla vehicles, start Keyless Driving, and interfere with vehicle operation en route. This occurs because an attacker can leverage Grafana login access to obtain a token for Tesla API calls.

Action-Not Available
Vendor-teslamaten/a
Product-teslamaten/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-3923
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.35% / 81.67%
||
7 Day CHG~0.00%
Published-10 Nov, 2009 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-virtual_desktop_infrastructurevirtualboxn/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-3158
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.66% / 83.85%
||
7 Day CHG~0.00%
Published-10 Sep, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

admin/files.php in simplePHPWeb 0.2 does not require authentication, which allows remote attackers to perform unspecified administrative actions via unknown vectors. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-carsten_wulffn/a
Product-simplephpwebn/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-2642
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.42% / 82.17%
||
7 Day CHG~0.00%
Published-28 Jul, 2009 | 19:06
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

index.php in Desi Short URL Script 1.0 allows remote attackers to bypass authentication by setting the logged cookie to 1 and the uid cookie to an integer value, as demonstrated by a value of 13.

Action-Not Available
Vendor-desiscriptsn/a
Product-desi_short_url_scriptn/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-1664
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.05% / 78.85%
||
7 Day CHG~0.00%
Published-17 May, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

myaccount.php in Easy Scripts Answer and Question Script does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via modified userid, txtpassword, and txtRpassword parameters.

Action-Not Available
Vendor-easy-scriptsn/a
Product-answer_and_question_scriptn/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-1854
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.43% / 82.22%
||
7 Day CHG~0.00%
Published-01 Jun, 2009 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Million Dollar Text Links 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the userid cookie to 1.

Action-Not Available
Vendor-cmsnxn/a
Product-million_dollar_text_linksn/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-2233
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.63% / 83.70%
||
7 Day CHG~0.00%
Published-26 Jun, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The admin interface in AWScripts.com Gallery Search Engine 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the awse_logged cookie to 1.

Action-Not Available
Vendor-awscriptsn/a
Product-gallery_search_enginen/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-2040
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.93% / 85.40%
||
7 Day CHG~0.00%
Published-12 Jun, 2009 | 17:28
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

admin/options.php in Grestul 1.2 does not properly restrict access, which allows remote attackers to bypass authentication and create administrative accounts via a manage_admin action in a direct request.

Action-Not Available
Vendor-grestuln/a
Product-grestuln/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-2328
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.03% / 59.49%
||
7 Day CHG~0.00%
Published-05 Jul, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

admin/edit_user.php in KerviNet Forum 1.1 and earlier does not require administrative authentication, which allows remote attackers to delete arbitrary accounts and conduct SQL injection attacks via the del_user_id parameter.

Action-Not Available
Vendor-max_kervinn/a
Product-kervinet_forumn/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-2231
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.63% / 83.70%
||
7 Day CHG~0.00%
Published-26 Jun, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MIDAS 1.43 allows remote attackers to bypass authentication and obtain administrative access via an admin account record in a MIDAS cookie.

Action-Not Available
Vendor-mid.asn/a
Product-midasn/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-2168
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-11.78% / 95.56%
||
7 Day CHG~0.00%
Published-22 Jun, 2009 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers to bypass authentication by providing arbitrary username and password parameters.

Action-Not Available
Vendor-egyplusn/a
Product-7ammeln/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-0864
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.77% / 84.53%
||
7 Day CHG~0.00%
Published-10 Mar, 2009 | 14:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

S-Cms 1.1 Stable allows remote attackers to bypass authentication and obtain administrative access via an OK value for the login cookie.

Action-Not Available
Vendor-matteoiammarronen/a
Product-s-cmsn/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-1122
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-98.45% / 99.91%
||
7 Day CHG~0.00%
Published-10 Jun, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_information_serviceswindows_2000n/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-1050
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.87% / 85.09%
||
7 Day CHG~0.00%
Published-24 Mar, 2009 | 14:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bloginator 1A allows remote attackers to bypass authentication and gain administrative access by setting the identifyYourself cookie.

Action-Not Available
Vendor-kamadsn/a
Product-bloginatorn/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-6857
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.59% / 83.38%
||
7 Day CHG~0.00%
Published-14 Jul, 2009 | 14:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Absolute Podcast .NET 1.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

Action-Not Available
Vendor-xiglan/a
Product-absolute_podcast.netn/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-6856
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.54% / 83.03%
||
7 Day CHG~0.00%
Published-14 Jul, 2009 | 14:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Xigla Software Absolute News Manager.NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

Action-Not Available
Vendor-xiglan/a
Product-absolute_news_manager.netn/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-6912
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.41% / 93.69%
||
7 Day CHG~0.00%
Published-07 Aug, 2009 | 18:33
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zeeways SHAADICLONE 2.0 allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin/home.php.

Action-Not Available
Vendor-zeewaysn/a
Product-shaadiclonen/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-7124
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-8.61% / 94.43%
||
7 Day CHG~0.00%
Published-31 Aug, 2009 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

zKup CMS 2.0 through 2.3 does not require administrative authentication for admin/configuration/modifier.php, which allows remote attackers to gain administrator privileges via a direct request, as demonstrated by adding a new administrator.

Action-Not Available
Vendor-zkupn/a
Product-zkupn/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-6939
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.12% / 86.25%
||
7 Day CHG~0.00%
Published-12 Aug, 2009 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TurnkeyForms Web Hosting Directory allows remote attackers to bypass authentication and (1) gain administrative privileges by setting the adm cookie to 1 or (2) gain privileges as another user by setting the logged cookie to the target username.

Action-Not Available
Vendor-turnkeyformsn/a
Product-web_hosting_directoryn/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-6862
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.51% / 82.84%
||
7 Day CHG~0.00%
Published-14 Jul, 2009 | 14:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Absolute Content Rotator 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

Action-Not Available
Vendor-xiglan/a
Product-absolute_content_rotatorn/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-7041
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.80% / 84.71%
||
7 Day CHG~0.00%
Published-24 Aug, 2009 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AJ Classifieds allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin/home.php.

Action-Not Available
Vendor-ajsquaren/a
Product-aj_classifiedsn/a
CWE ID-CWE-287
Improper Authentication
CVE-2017-17430
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.85% / 76.48%
||
7 Day CHG~0.00%
Published-07 Dec, 2017 | 08:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows remote attackers to execute arbitrary commands via the web interface.

Action-Not Available
Vendor-n/aSangoma Technologies Corp.
Product-netborder\/vega_session_firmwarenetborder\/vega_sessionn/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-7179
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.29% / 81.08%
||
7 Day CHG~0.00%
Published-08 Sep, 2009 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OTManager CMS 2.4 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN_Hora, ADMIN_Logado, and ADMIN_Nome cookies to certain values, as reachable in Admin/index.php.

Action-Not Available
Vendor-otmanagern/a
Product-otmanager_cmsn/a
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 14
  • 15
  • Next
Details not found