Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2008-6965
Modified
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-13 Aug, 2009 | 16:30
Updated At-29 Sep, 2017 | 01:33

AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, and Web 2.0 send a redirect but do not exit when certain scripts are called directly, which allows remote attackers to bypass authentication via a direct request to (1) site.php, (2) auction.php, (3) mail.php, (4) fee_setting.php, (5) earnings.php, (6) insertion_fee_settings.php, (7) custom_category.php, (8) subcategory.php, (9) category.php, (10) report.php, (11) store_manager.php, and (12) choose_sell_format.php in admin/, and possibly other vectors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
aj_square
aj_square
>>aj_auction>>*
cpe:2.3:a:aj_square:aj_auction:*:*:*:*:*:*:*:*
aj_square
aj_square
>>aj_auction>>1.0
cpe:2.3:a:aj_square:aj_auction:1.0:*:pro_platinum_skin:*:*:*:*:*
aj_square
aj_square
>>aj_auction>>2.0
cpe:2.3:a:aj_square:aj_auction:2.0:*:pro_platinum_skin:*:*:*:*:*
aj_square
aj_square
>>aj_auction>>web_2.0
cpe:2.3:a:aj_square:aj_auction:web_2.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-287Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/32243cve@mitre.org
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/46528cve@mitre.org
N/A
https://www.exploit-db.com/exploits/7087cve@mitre.org
N/A
Change History
0Changes found
Details not found