CVE-2008-7024

Published: Aug 21, 2009Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

admin.php in Arz Development The Gemini Portal 4.7 and earlier allows remote attackers to bypass authentication and gain administrator privileges by setting the user cookie to "admin" and setting the name parameter to "users."

Affected (3)

Products: Arzdev: Gemini Lite, Gemini Portal

Arzdev

2 products

Gemini Lite

Gemini Portal

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Arzdev Gemini Lite	Version 3.5
Arzdev Gemini Lite	Version 3.6
Arzdev Gemini Portal	Version 4.7

Related CWEs

CWE-264

References (12)

http://osvdb.org/48639

Source: cve@mitre.org

http://secunia.com/advisories/32057

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/archive/1/496761/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/31429

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/45439

Source: cve@mitre.org

https://www.exploit-db.com/exploits/6584

Source: cve@mitre.org

http://osvdb.org/48639