CVE-2008-5040

Graphiks MyForum 1.3 - Unauthenticated Authentication Bypass via Cookie Manipulation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5040. PoCs published by Stack.

AI-analyzed exploit summary This exploit demonstrates an insecure cookie handling vulnerability in MyForum 1.3, allowing an attacker to bypass authentication by setting arbitrary cookie values via JavaScript. The PoC directly manipulates the 'myforum_login' and 'myforum_pass' cookies to gain unauthorized access.

Description

Graphiks MyForum 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the (1) myforum_login and (2) myforum_pass cookies to 1.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Stack · textwebappsphp
https://www.exploit-db.com/exploits/6857

This exploit demonstrates an insecure cookie handling vulnerability in MyForum 1.3, allowing an attacker to bypass authentication by setting arbitrary cookie values via JavaScript. The PoC directly manipulates the 'myforum_login' and 'myforum_pass' cookies to gain unauthorized access.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: MyForum 1.3
No auth needed
Prerequisites: Victim must execute the provided JavaScript in their browser
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4577
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31955
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6857
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46157

Scores

EPSS 0.0256
EPSS Percentile 83.1%

Details

CWE
CWE-287
Status published
Products (1)
graphiks/myforum 1.3
Published Nov 12, 2008
Tracked Since Feb 18, 2026