CVE-2012-2437

Published: Nov 26, 2012Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

cookie_gen.php in ar web content manager (AWCM) 2.2 does not require authentication, which allows remote attackers to generate arbitrary cookies via the name parameter in conjunction with the content parameter.

Affected (1)

Products: Awcm Cms: Ar Web Content Manager

Awcm Cms

1 product

Ar Web Content Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Awcm Cms Ar Web Content Manager	Version 2.2

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (6)

http://archives.neohapsis.com/archives/bugtraq/2012-11/0039.html

Source: cve@mitre.org

Exploit

http://packetstormsecurity.org/files/117975/AWCM-2.2-Access-Bypass.html

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/79926

Source: cve@mitre.org

http://archives.neohapsis.com/archives/bugtraq/2012-11/0039.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://packetstormsecurity.org/files/117975/AWCM-2.2-Access-Bypass.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/79926

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.