CVE-2008-5880

Gobbl CMS 1.0 - Unauthenticated Authentication Bypass via auth Cookie

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5880. PoCs published by x0r.

AI-analyzed exploit summary The exploit demonstrates an authentication bypass in Gobbl CMS 1.0 by manually setting the 'auth' cookie to 'ok', allowing unauthorized access to the admin panel. The vulnerability lies in the auth.php file, which does not properly validate the cookie's origin or integrity.

Description

admin/auth.php in Gobbl CMS 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "ok".

Exploits (1)

exploitdb WORKING POC VERIFIED

by x0r · textwebappsphp

https://www.exploit-db.com/exploits/7518

View Code ZIP pw:eip

The exploit demonstrates an authentication bypass in Gobbl CMS 1.0 by manually setting the 'auth' cookie to 'ok', allowing unauthorized access to the admin panel. The vulnerability lies in the auth.php file, which does not properly validate the cookie's origin or integrity.

Classification

Working Poc 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Gobbl CMS 1.0

No auth needed

Prerequisites: Access to the target website · JavaScript execution in the browser

MITRE ATT&CK

T1189 - Drive-by Compromise T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/4886

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/33190

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/32918

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/7518

Scores

EPSS 0.0251

EPSS Percentile 82.7%

Details

CWE

CWE-287

Status published

Products (1)

gobbl/gobbl_cms 1.0

Published Jan 08, 2009

Tracked Since Feb 18, 2026