CVE-2008-5497

BandSite CMS 1.1.4 - Unauthenticated Authentication Bypass via login_auth Cookie

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5497. PoCs published by Stack.

AI-analyzed exploit summary This exploit leverages insecure cookie handling in BandSite CMS 1.1.4 by setting a 'login_auth' cookie to 'true' via JavaScript, bypassing authentication. The attack is trivial and relies on client-side execution.

Description

BandSite CMS 1.1.4 allows remote attackers to bypass authentication and gain administrative access by setting the login_auth cookie to true.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Stack · textwebappsphp

https://www.exploit-db.com/exploits/7113

View Code ZIP pw:eip

This exploit leverages insecure cookie handling in BandSite CMS 1.1.4 by setting a 'login_auth' cookie to 'true' via JavaScript, bypassing authentication. The attack is trivial and relies on client-side execution.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: BandSite CMS 1.1.4

No auth needed

Prerequisites: Victim must execute the provided JavaScript (e.g., via XSS or direct console input)

MITRE ATT&CK

T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/7113

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/32295

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/46601

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/4716

Scores

EPSS 0.0281

EPSS Percentile 84.7%

Details

CWE

CWE-287

Status published

Products (1)

bandsitecms/bandsite_cms 1.1.4

Published Dec 12, 2008

Tracked Since Feb 18, 2026