Description
The web-based management interfaces in Sourcefire Defense Center (DC) and 3D Sensor before 4.8.2 allow remote authenticated users to gain privileges via a $admin value for the admin parameter in an edit action to admin/user/user.cgi and unspecified other components.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Gregory Duchemin · text · webapps · cgi
https://www.exploit-db.com/exploits/9074
References (6)
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35658
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1022500
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/9074
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/504694/100/0/threaded
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1785
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/35553
Scores
EPSS
0.0278
EPSS Percentile
86.1%
Details
CWE
CWE-264
Status
published
Products (8)
sourcefire/3d_sensor 4.8
sourcefire/3d_sensor 4.8.0.3
sourcefire/3d_sensor 4.8.0.4
sourcefire/3d_sensor < 4.8.1
sourcefire/defense_center 4.8
sourcefire/defense_center 4.8.0.3
sourcefire/defense_center 4.8.0.4
sourcefire/defense_center < 4.8.1
Published
Jul 07, 2009
Tracked Since
Feb 18, 2026