CVE-2008-7024

admin.php in Arz Development The Gemini Portal 4.7 and earlier allows remote attackers to bypass authentication and gain administrator privileges by setting the user cookie to "admin" and setting the name parameter to "users."

Link	Resource
http://secunia.com/advisories/32057	Vendor Advisory
http://www.securityfocus.com/bid/31429	Exploit
http://osvdb.org/48639
https://exchange.xforce.ibmcloud.com/vulnerabilities/45439
https://www.exploit-db.com/exploits/6584
http://www.securityfocus.com/archive/1/496761/100/0/threaded

Configuration 1

cpe:2.3:a:arzdev:gemini_lite:3.6:*:*:*:*:*:*:* cpe:2.3:a:arzdev:gemini_portal:4.7:*:*:*:*:*:*:* cpe:2.3:a:arzdev:gemini_lite:3.5:*:*:*:*:*:*:*

---

Published : 2009-08-21 02:30

Updated : 2018-10-11 08:58

---

NVD link : CVE-2008-7024

Mitre link : CVE-2008-7024

Arzdev

CWE-264