CVE-2009-3904

classes/session/cc_admin_session.php in CubeCart 4.3.4 does not properly restrict administrative access permissions, which allows remote attackers to bypass restrictions and gain administrative access via a HTTP request that contains an empty (1) sessID (ccAdmin cookie), (2) X_CLUSTER_CLIENT_IP header, or (3) User-Agent header.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:cubecart:cubecart:4.3.4:*:*:*:*:*:*:*

Information

Published : 2009-11-06 07:30

Updated : 2018-10-10 12:47


NVD link : CVE-2009-3904

Mitre link : CVE-2009-3904


JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa

Products Affected

cubecart

  • cubecart