CVE-2008-4614

Portalapp - Authentication Bypass

Title source: rule

Description

PortalApp 4.0 does not require authentication for (1) forums.asp and (2) content.asp, which allows remote attackers to create and delete forums, topics, and replies.

Exploits (1)

exploitdb WORKING POC VERIFIED

by r3dm0v3 · textwebappsasp

https://www.exploit-db.com/exploits/4848

View Code ZIP pw:eip

References (6)

[Vendor Advisory] http://secunia.com/advisories/28337

[Patch] http://www.aspapp.com/content.asp?CatId=197&ContentType=Downloads

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/39457

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/27170

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4848

[Third Party Advisory] http://securityreason.com/securityalert/4439

Scores

EPSS 0.0822

EPSS Percentile 92.1%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

portalapp/portalapp

Timeline

Published Oct 20, 2008

Tracked Since Feb 18, 2026