CVE-2008-6763

Silentum LoginSys 1.0.0 - Unauthenticated Authentication Bypass via logged_in Cookie


Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6763. PoCs published by Osirys.

AI-analyzed exploit summary: This writeup describes an insecure cookie handling vulnerability in Silentum LoginSys 1.0.0, where the 'logged_in' cookie is set to the username instead of a secure token, allowing an attacker to bypass authentication by setting the cookie to an admin username via JavaScript.

Description

login2.php in Silentum LoginSys 1.0.0 allows remote attackers to bypass authentication and obtain access to an arbitrary account by setting the logged_in cookie to that account's username.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Osirys · text · webapps · php
https://www.exploit-db.com/exploits/7601

Classification: Writeup 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Silentum LoginSys 1.0.0
No auth needed
Prerequisites: Access to the target application's login page · Knowledge of an admin username
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/47941
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/33031
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31801
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47616
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7601

Scores

EPSS 0.0652
EPSS Percentile 92.9%

Details

CWE: CWE-287
Status: published
Products (1): hypersilence/silentum_loginsys 1.0.0
Published: Apr 28, 2009
Tracked Since: Feb 18, 2026