CVE-2006-2636

Katy Whitton Newscmslite - Authentication Bypass

Title source: rule

Description

newsadmin.asp in Katy Whitton NewsCMSLite allows remote attackers to bypass authentication and gain administrative access by setting the loggedIn cookie to "xY1zZoPQ".

Exploits (1)

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/32760

View on exploitdb

References (8)

[Vendor Advisory] http://secunia.com/advisories/20294

[Exploit] http://www.bugreport.ir/index_62.htm

[Vendor Advisory] http://www.kapda.ir/advisory-332.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/435019/100/0/threaded

[Vendor Advisory] http://www.vupen.com/english/advisories/2006/1993

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/26698

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/500407/100/0/threaded

[Third Party Advisory] http://securityreason.com/securityalert/974

Scores

EPSS 0.0819

EPSS Percentile 92.1%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

katy_whitton/newscmslite

Timeline

Published May 30, 2006

Tracked Since Feb 18, 2026