Description
cosign-bin/cosign.cgi in Cosign 2.0.2 and earlier allows remote authenticated users to perform unauthorized actions as an arbitrary user by using CR (\r) sequences in the service parameter to inject LOGIN and REGISTER commands with the desired username.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Jon Oberheide · textwebappscgi
https://www.exploit-db.com/exploits/29844
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/465386/100/100/threaded
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24845
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1359
Vendor Advisory x_refsource_confirm
http://www.umich.edu/~umweb/software/cosign/cosign-vuln-2007-002.txt
Scores
EPSS
0.0505
EPSS Percentile
89.8%
Details
Status
published
Products (13)
cosign/cosign
0.7.0
cosign/cosign
0.8.0
cosign/cosign
0.9.0
cosign/cosign
1.0
cosign/cosign
1.1
cosign/cosign
1.5
cosign/cosign
1.6
cosign/cosign
1.7
cosign/cosign
1.8
cosign/cosign
1.8.5
... and 3 more
Published
Apr 25, 2007
Tracked Since
Feb 18, 2026