CVE-2009-1489

Fungamez RC1 - Unauthenticated Authentication Bypass via User Cookie Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1489. PoCs published by YEnH4ckEr.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass via SQL injection in the login form and insecure cookie handling, as well as a local file inclusion (LFI) vulnerability in the admin module. The PoC provides clear steps to exploit these vulnerabilities in FunGamez RC-1.

Description

includes/user.php in Fungamez RC1 allows remote attackers to bypass authentication and gain administrative access by setting the user cookie parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by YEnH4ckEr · textwebappsphp
https://www.exploit-db.com/exploits/8493

This exploit demonstrates an authentication bypass via SQL injection in the login form and insecure cookie handling, as well as a local file inclusion (LFI) vulnerability in the admin module. The PoC provides clear steps to exploit these vulnerabilities in FunGamez RC-1.

Classification
Working Poc 90%
Attack Type
Sqli | Auth Bypass | Info Leak
Complexity
Trivial
Reliability
Reliable
Target: FunGamez RC-1
No auth needed
Prerequisites: Access to the login page or ability to set cookies · For LFI, admin privileges obtained via auth bypass
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/50424
Exploit mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=124025031126068&w=2
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1117
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8493

Scores

EPSS 0.0254
EPSS Percentile 82.9%

Details

CWE
CWE-287
Status published
Products (1)
rens_rikkerink/fungamez
Published Apr 29, 2009
Tracked Since Feb 18, 2026