CVE-2009-0412

Interspire Shopping Cart <4.0.1 - Auth Bypass

Title source: llm

Description

The ProcessLogin function in class.auth.php in Interspire Shopping Cart (ISC) 4.0.1 Ultimate edition allows remote attackers to bypass authentication and obtain administrative access by reusing the RememberToken cookie after a failed admin login attempt.

References (4)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/47899

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/499967/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/33212

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1021557

Scores

EPSS 0.0038

EPSS Percentile 59.3%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

interspire/shopping_cart

Timeline

Published Feb 03, 2009

Tracked Since Feb 18, 2026