CVE-2008-6966

AJ Square AJ Auction - Access Control

Title source: rule

Description

AJ Square AJ Auction Pro Platinum Skin #1 sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass authentication via a direct request to admin/user.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by G4N0K · textwebappsphp

https://www.exploit-db.com/exploits/7087

View Code ZIP pw:eip

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/46528

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/7087

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/32243

Scores

EPSS 0.0159

EPSS Percentile 81.7%

Details

CWE

CWE-264

Status published

Products (1)

aj_square/aj_auction 1.0

Published Aug 13, 2009

Tracked Since Feb 18, 2026