CVE-2008-6228

Pre Multi-Vendor Shopping Malls - Unauthenticated Authentication Bypass via Cookie Manipulation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6228. PoCs published by G4N0K.

AI-analyzed exploit summary This exploit demonstrates insecure cookie handling and SQL injection vulnerabilities in Pre Multi-Vendor Shopping Malls. It includes proof-of-concept URLs for SQLi attacks to extract database information and admin credentials.

Description

Pre Multi-Vendor Shopping Malls allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".

Exploits (1)

exploitdb WORKING POC VERIFIED
by G4N0K · textwebappsphp
https://www.exploit-db.com/exploits/6999

This exploit demonstrates insecure cookie handling and SQL injection vulnerabilities in Pre Multi-Vendor Shopping Malls. It includes proof-of-concept URLs for SQLi attacks to extract database information and admin credentials.

Classification
Working Poc 90%
Attack Type
Sqli | Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Pre Multi-Vendor Shopping Malls (Preproject MCart)
No auth needed
Prerequisites: Access to the target application · JavaScript execution in the victim's browser for cookie manipulation
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/3018
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46388
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6999

Scores

EPSS 0.0266
EPSS Percentile 83.7%

Details

CWE
CWE-255
Status published
Products (1)
preproject/pre_multi-vendor_shopping_malls
Published Feb 20, 2009
Tracked Since Feb 18, 2026